xloader

General

Target

f619fb726d311b2033a309fed7ab9ef5edbab6b26a2cb9ba03246d3be86d6dbc
Size

1.6MB
Sample

241121-ypkxbszqdk
MD5

7c41da01bba32ca716c39e50804fb36c
SHA1

6d3b4a5a77d873e4be2776bd830f5a6deeba586f
SHA256

f619fb726d311b2033a309fed7ab9ef5edbab6b26a2cb9ba03246d3be86d6dbc
SHA512

33d0698170eabe7f80023010c6a404cb55abd8b0f677bf28e22746bd42453ec3fec274deeaa51f9ce0afa507aec9f6952f6ad4e5b6ac3931b26c4ee57ea7b9a1
SSDEEP

12288:Yszf287Whiwuo3hqUxX7FklStMGlDHwvgiuHL1QqVrV6Tbk+nKe:YUf2JhLX7Fkle5DHjHL1QqzKbBJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

jeiq

Decoy

casuallyso.com

mismirasoles.com

nunostacos.com

zboubdiel.com

eternellebynh.com

radsum.info

sddianshang56.com

citriodiolspray.com

khoza3a.com

reelhooker-phuket.com

pumpbrokers.com

wallstreetbnb.com

realestatewithtiff.com

rockstarleading.com

goddesslovebeauty.com

zulaolao.com

openwateradventurers.com

xn--zqsv0e44iqw9c.space

lingxiaojiaoyu.com

wetrabbitexpress.com

Targets

- Target
  
  PaymentConfirmation.pdf.exe
- Size
  
  1014KB
- MD5
  
  f2a0c0fca9e437943ac26f4a5a550c3b
- SHA1
  
  a564eb697909bcf14793847e6d4932505484cfd1
- SHA256
  
  ad1fd339fec0509bf7e080d05d7ab6d4a2e66c5a6c6e2ccb28d3452852fea15b
- SHA512
  
  1a2f2247419d7575daeeab51012049f512c7900e5f05e654f79c8d08e3baf6d239cc1020ace6fe1ace393222bd70d2e4539e13abbe10575987da7c253e244074
- SSDEEP
  
  12288:bszf287Whiwuo3hqUxX7FklStMGlDHwvgiuHL1QqVrV6Tbk+nKe:bUf2JhLX7Fkle5DHjHL1QqzKbBJ
Score

10^/10

xloader jeiq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2