xloader

General

Target

2316f7a04de64e8ad75ffb2eff38a6659a8260e9cc442ce4969f6f929b92ce9c
Size

210KB
Sample

241121-yq59nazrbl
MD5

89c4463fe292375d3b1d9ee1da39aa71
SHA1

933c623426da6d6285d1e413a78e3d6b1ca8eacc
SHA256

2316f7a04de64e8ad75ffb2eff38a6659a8260e9cc442ce4969f6f929b92ce9c
SHA512

6e5032b76098f2c5662671988ffb9c7a3a48522507a584cad63b65085c2eb66cbd66c0d414628dffac2ec2fc76ca3b9cd6e33cf5b7b6bb2399fa6b267cfec8e1
SSDEEP

6144:ni58oqrkA7eumr3EiCcDeHbKgdrJ2lL+ed:i58vrNeSvbRJWDd

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

um8e

Decoy

theypretend.com

hopeschildren.com

kuly.cloud

maniflexx.net

bedtimesocietyblog.com

spenglerwetlandpreserve.com

unity-play.net

bonap56.com

consciencevc.com

deluxeluxe.com

officialjuliep.com

cttrade.club

quietflyt.com

mcabspl.com

lippocaritahotel.com

tolanfilms.xyz

momenaagro.com

slingshotart.com

thefoundershuddle.com

mobilbaris.com

Targets

- Target
  
  AKG Upgrade Project HP Flare Tip 2018-08311SP-01 R1.bin
- Size
  
  224KB
- MD5
  
  eded69923410a35211acdf7ead546176
- SHA1
  
  7d7d21811770a91faf312b3d45d07a38586c6a42
- SHA256
  
  c75c953e098f6999fd4a1674f4fd325d538502aead639872dec4cb89ca3ffee9
- SHA512
  
  282c20aaee310380a5572f5eaef2fab787625637d17fda2f64d2aaa227b0d389e9eecd6efeaa1feaafed043cae176a6157d5209db79ac8faaa698a297db96e88
- SSDEEP
  
  3072:s3jqjLX1DLPcIMC0hrrwxJf61LUZPexcF065ocY1GNwZgKfUL5HFzk2L1xUq/ULY:sTqjFoDr8xqifSc/dQeVXL1uqeNU9Nx
Score

10^/10

xloader um8e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4