xloader

General

Target

a20f0173ff04b522423f4cabecf30e330082bc80e0aa273c01c631d43bb44685
Size

687KB
Sample

241121-yp9wfszqgj
MD5

75bb5a9ad1919477f1b5ab10526ab6c9
SHA1

b5bdef219aec35e6248a3033ee2dc24f4c183cb6
SHA256

a20f0173ff04b522423f4cabecf30e330082bc80e0aa273c01c631d43bb44685
SHA512

b14b614ec005d2c5c043c56e772be5aa2d8d8f334dd5a1f608a09053407c0c7d1496a5b198d9c0cc08881ddc1f17d7d4d21aeeaa633ab81e2cb31326de49ed9b
SSDEEP

12288:nqUnMGvQ2b2rHcojO+Pm26Gk8V+Tux6JhP3jZ3WXz+dsVrA7XDxAZugcqpq:nxpvQ2UcuOH378FxWhp68sVU7zuZ1nq

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

sgs8

Decoy

epptexportools.com

theweddingofshadiandmike.com

588movie.com

deannahayko.com

smithkenney.com

mogurin-blog.com

heffner.host

nflflex.com

tshirtcustomdesign.com

livingwithinstinct.com

hanbangvu.com

5starsct.com

jystainlesscoil.com

lechazosdeliebana.com

northeastcampervans.com

halloweeneventsinmiami.com

wellnesswithshami.net

mklaboratories.com

oilepp.club

ravexim3.com

Targets

- Target
  
  po.bin
- Size
  
  799KB
- MD5
  
  fdb126e87df87515f8a22c716e15e262
- SHA1
  
  539b8cbcfea5f7366b7fb8653b3ff2421b7fd7d7
- SHA256
  
  c76ee82571b23b768691e4bf77332d125d2f9478055ead98278580a11a448e35
- SHA512
  
  82fbe9f215ebb32b53479baef3e0543acf31a7cdbe2d270e17549316a748b772227f3d39c47ed3f38a8ad62da47b4ec55783f17017c02cfb8af7ee1d706748ef
- SSDEEP
  
  12288:fjmagjIftv66WzGWSE5D1kIpNSDVtprqndi8axQ0SRKEGO84bOxBwpuUXYwrmktp:D5RhEp1orIajSR1QGqwp3j1s
Score

10^/10

xloader sgs8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2