xloader

General

Target

64f45a6074bd6954fa0d738db700fbd626402b07e68b6e2426d7e962a4d82381
Size

440KB
Sample

241121-yq271azrar
MD5

e301eddeabc0b61c717555851d6ece6a
SHA1

e693422a89c7eb70ff30e2303b3abba8a9bbf511
SHA256

64f45a6074bd6954fa0d738db700fbd626402b07e68b6e2426d7e962a4d82381
SHA512

f149022c6115c61da6913a68abdd89511fd39aa9fcab62d7072a6f5575e1570d992328392505db666e4acd39dfec631c74177f249500761553d2e40c3c4f8126
SSDEEP

12288:rHVDS1O/FNPwd4RsvtABTUOEtcWkymogfxKEW7YXhgyicN7Y:rHVDIO/TwCsFAxUpOW5mdfbAYX2lYY

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e0ep

Decoy

disignmagazine.com

suuteki-no-anaba.com

12daysofwriting.com

kimsat.art

cbsautoplex.com

gmconstructionlnc.com

downlownft.com

uzh.biz

joviafinanical.com

receiptsloepc.xyz

avcarpet.com

smartlifepack.net

syllyl.com

lifecoach.directory

mom-wponline-sg.com

usaworkerscorporation.com

zionnolan.com

ort-care.com

roledepartamentos.com

solideo.holdings

Targets

- Target
  
  445015adc9e5203bd1dea0c8a5e45ca4c523f17eb499c828b092f377d0315c1d
- Size
  
  642KB
- MD5
  
  329b51e6b21547ec23a60876ca4b4003
- SHA1
  
  cec566832bfbeaa23fe020dfc53f97e52619a3fc
- SHA256
  
  445015adc9e5203bd1dea0c8a5e45ca4c523f17eb499c828b092f377d0315c1d
- SHA512
  
  e66dc4b44e560079ca4f78730603bcd0d9e39881f506727f849031f4dc190b828e9e7cc6cec094bcf20758df9006a22463a84da025d5ff824a8c4f3d6ca8d4c7
- SSDEEP
  
  12288:YeEvQVtebZbPCNtml8vXfH60Q+LkA71fkFTklb1FU:YeEvQVIbZreml8nH+eeklbw
Score

10^/10

discovery xloader e0ep loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2