xloader

General

Target

6ee7a202d657706b8460a038ddf8d730eeff233bccbaff7e8d65c3c4bfe9f6fe
Size

281KB
Sample

241121-yq4qtszrbk
MD5

5f168019cd420c0102477ab634795911
SHA1

23725de3c7ecf33fc7b19ca3931d0964f74a04f9
SHA256

6ee7a202d657706b8460a038ddf8d730eeff233bccbaff7e8d65c3c4bfe9f6fe
SHA512

4dc20fc33ea6f8cfe9acb95a977ec3121c6d5a02f55f9229fbbfb8a886e7dce154525dd76938c2d58bc55acca276e26fdd264752789e7a9925edac62e236579d
SSDEEP

6144:VLDK9FMrnrvjYDqGI6FcUwtzR0xJhoie/iU0P8:hDK92rrvjYTTcftzR0xborapP8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

poub

Decoy

my-access.cloud

tcmylg.com

theemployeesolutions.com

mawanstory.com

themarketerz.com

negoking.net

dridgebaseball.com

instantbookings.space

idoocam.com

showfunds.net

walletsvalidationconnet.com

e-scapes.ltd

itsoizy.com

176821.com

antiinflammatory-diet.com

esloke-1.com

plumbersincali.com

intercitydrywall.com

cartwheeldesigns.com

griffinjamesdesign.com

Targets

- Target
  
  Payment Receipt.bin
- Size
  
  363KB
- MD5
  
  5d409547afd674af8eb515fc842fb646
- SHA1
  
  0a2fbdea88e1ad6878d2d8bb2e22dcb12d724b02
- SHA256
  
  dbbff1e34097a4a94e305fc34db136f9f2558f577b65155d3a90d3663a2a9663
- SHA512
  
  fdb4a03a70140596242eca8d2a79671cf372c43d6bd4fecc5bb713bd1bb7c70259b401349360a22d0da6cd0d9cc3ade0232e2c46faa877f8f6685eef41be384d
- SSDEEP
  
  6144:VBlL/kE286EZd0lsHJgmPcaauxE17N1y/eucOMBhtvgBMmdiEhVKUi:D6E28640lspbPcaJKFb4+DBhtvAMmcw8
Score

10^/10

xloader poub discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/zmdtm.dll
- Size
  
  100KB
- MD5
  
  d4b3308970835c85d3d24ad2f8ee3b4f
- SHA1
  
  8a3722200f614f37a0a446c36df6dfcbd26ae138
- SHA256
  
  14c94199dc9e370703b5579066d6b34a2055ab97fdf2675dd7ac8ec3616c3137
- SHA512
  
  72b50aed7860dfa674a34e52a75b6a9aaf3529f4a8dcc7a622f5d00970855dd5cd70a0e9699fd9b79acdfb9a06411ecbee26c471e6a91e67851464dd7b4ca240
- SSDEEP
  
  1536:gF15tzIksRHS1oD+ajCWmzx3e6fch6gqZ3ralsWjcdWRPbUK7xkm75Cm:gFDhWss0YKWRPbH7uol
Score

10^/10

xloader poub discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4