xloader

General

Target

f46af7c7490c42c4e04cb98f27f3f1741e75a3484f78852e63af21a7fdc38827
Size

646KB
Sample

241121-ypgjxawldv
MD5

21e6fc50692ae082e641b1f5cec205ea
SHA1

95d98e5667a4192395ec5201d1d2d7f0b9157cba
SHA256

f46af7c7490c42c4e04cb98f27f3f1741e75a3484f78852e63af21a7fdc38827
SHA512

99038835f22d5f2b0bf81d103a8dc15f44403ca89f7b0d512d04e71365dfd6df791b6bd0e98aee4482ec0339e56573977dffcb7bc3d7439d8bb52312a1cfdf92
SSDEEP

12288:8qm18zoGreNBFIk8KuJx8xMISy/KYQOz6HzI8nPV1MUkM5KwVfW2wNDqn:8V8zoGrSFUKuJx8xMsxaxV1gQVfWND8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u8yc

Decoy

nutricionclinicaveterinaria.com

deployinghigh.com

buyulever.icu

stevencarter.love

creditcardschoicescandot.com

frangeskvor.quest

parkerstagingdesign.com

complexfund.com

aanikin.com

goodearthteeco.com

slouchsofas.com

smilebrain.club

launchyoursurveyfunnel.com

grandcazino.net

aminsfy.com

typingform.com

buten.xyz

vicinaathain.quest

opusludo.com

toncekovpodrum.com

Targets

- Target
  
  New-Order,pdf.exe
- Size
  
  749KB
- MD5
  
  aaaf770b9da9ed45ca73b495eb6221ef
- SHA1
  
  0031c174a1dcae63a5aa259dde8e3062e17a68bd
- SHA256
  
  9ff1a6a0e9326633316aff39f81d9e4a132db16fee4acc1fb25173fbe7d9ba7e
- SHA512
  
  213d19cb5abd83bf2eb903887856b182d8111e857b9dd9a0eedbcef4c945290108f3904cb95d04595f1b19227c494d28a0b202d3b2dc3dcc6db9c17bac479695
- SSDEEP
  
  12288:mby0chFFQWNA0CsK+JBVsqit9vkpShrKvjZKnkmGDtoxKPdU7OVH8dz:mbHchF91K+JBV8ZkwhrKLMngH+OVH2
Score

10^/10

discovery xloader u8yc loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2