xloader

General

Target

18716438acba2b561bea9540e95684f7730690fc302fe0c354c778a9ddffe3df
Size

624KB
Sample

241121-yph3qswldw
MD5

80d6bc0f08977b8ab0e2c2ec2b7532d9
SHA1

7ac57360bb6cab60be02a74abd7d63dc0d35c02b
SHA256

18716438acba2b561bea9540e95684f7730690fc302fe0c354c778a9ddffe3df
SHA512

ed1314e17f4173a060db04be270657dcd8a9acf4e317ce7f1a033d0112828dd7c71261698b0bb16ecdd8e3b2f4c65a6b0e5d1156bd5683c3ad5f257fea8201d6
SSDEEP

12288:AAXCF1d7DELSa9tjxxlNT7cMguLEKgwuyXeqpuESndEa5WYMwoXspoWxvuDK9HFr:jmd7DaHxlJcMVLCCXj0VdIspoEvuW5Fr

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

snec

Decoy

sacramentoscoop.com

auroraeqp.com

ontactfactory.com

abenakigroup.com

xander-tech.com

cocaineislegal.com

carbondouze.com

louisvilleestatelawyer.com

sundaytejero.quest

arti-faqs.com

thisandthat.store

biodyne-el-salvador.com

18504seheritageoakslane.com

mfialias.xyz

whitestoneclo.com

6288117.com

oficiosuy.com

autogift.xyz

wallbabyshell.com

chaletlabaie.com

Targets

- Target
  
  Minutes of Meeting 23.10.2021.exe
- Size
  
  689KB
- MD5
  
  491dde53e267c765b4d8bebd697ec18c
- SHA1
  
  fc00a77492a1a824965a730a1144b1360ac18b96
- SHA256
  
  2c32280be865e3af57719b11ea9b1fd1c6e25f6a7292fb4f0932cd6f1c231ca1
- SHA512
  
  c3b5a3e3dfb83b022aaeb4c5d26b163aee21d5c8efbf7634a18e5fb13a81b299f516321d0cee8f5da529856c8897d440d58a63b94edc3177c3b52653fcba7ac7
- SSDEEP
  
  12288:tvT5YzAPrjLd2aLXSSp6RSsv5i2xzFA8I2kPbVdVKTdyPH3:5T5YzAPPBlXSTSk5/xerppdVedqH
Score

10^/10

xloader snec discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2