xloader

General

Target

d7e3306aa2727963c07a089ddf7a171f89d379f8fcfba1cd69baba4268b3e197
Size

559KB
Sample

241121-ypnyzszqdr
MD5

28e3643d221e7af014320da15027da55
SHA1

6074ccb5ebef507bfda990f03249d5e27d0d9dd6
SHA256

d7e3306aa2727963c07a089ddf7a171f89d379f8fcfba1cd69baba4268b3e197
SHA512

0283f20965b4e94588d990c0a224bd282e0e14dc4498c489c1bdd1f0c7a1ff320d1d4b473841e0c483453ad832356ce539949e0f172c0ee22ebffe47fb254930
SSDEEP

12288:WCrshDdu+nvLq0xRWX05TiK8efXRa9zInvNd0rCk25C4ToE:WCAhVDq0DWXciKhfXRGzIvX02TVTt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ftgq

Decoy

naturalbeautyapparel.com

abtotalsolution.com

periclescapitalmanagement.com

pleasejustdont.com

ryanscode.com

carsandscooters.com

best-polarized-sunglasses.com

hoodshawaii.com

titaefred.com

tomrings.com

swededenoting.host

birthdaytease.com

xaydzn.com

scutganxun.com

gdzhongle.com

alossol.com

shivamshield.com

fashionnailsjohnston.com

jobuelas.com

arvopaert.com

Targets

- Target
  
  24d79b2f4a2aba518237343b7b94b817f51de0afc1e40236a4c267657b113849
- Size
  
  579KB
- MD5
  
  1f9db0137245508d4ad475170c4811f5
- SHA1
  
  7f8f0bbd941bc101a114220e4f296bd58a96a494
- SHA256
  
  24d79b2f4a2aba518237343b7b94b817f51de0afc1e40236a4c267657b113849
- SHA512
  
  30a04716757e1ba2ef707fcbeb7997922223cb6f06b3820aa1df65ef572360d6122652737eece8baa92d2b6a21e41c536be02fb6f8f4a0f529c3775018ba5956
- SSDEEP
  
  12288:mXe9PPlowWX0t6mOQwg1Qd15CcYk0We1k/IPlFQ7HqOq4RfjQtjgZSFyG11:7hloDX0XOf4uwtFjKRfjcgZSFB11
Score

10^/10

xloader ftgq discovery loader rat upx
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

AutoIT Executable

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2