xloader

General

Target

7b3bfc65ac7152cce25cf081d9664f7d67912c5476c81cad7a380f761e3a03b5
Size

218KB
Sample

241121-yqbp2szqgl
MD5

2093c56a5c25b6f179afe2de53596055
SHA1

0e922312243989b27b173af4fb3bce0836c75b02
SHA256

7b3bfc65ac7152cce25cf081d9664f7d67912c5476c81cad7a380f761e3a03b5
SHA512

33a2f8e4c18c5b4b12acfb969f743198508d6fd72a9afce14c7fcb826a540d6f6ba5b82bd660fb4618d60d247ec583d6745923a9b62669bb7d9a60d9456fef89
SSDEEP

6144:Np8M/pkMJxbnEvUnOpHhnfTmAufGD4EMC:HrxkcBn2lTae0EMC

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

tuad

Decoy

luckycatcomedy.com

randomizedphotos.com

revisioneye.online

maccounts-re.store

quant-inox.com

yunzhouxf.com

storyqueen.online

momju.xyz

olodo.xyz

cclbeauty.com

funfoll.com

tomroosevelt.com

flixly.network

teruten8118.com

steaksandribs.com

thesustainablehippie.com

giorlinag.com

bickerstaff.xyz

14kfinishes.com

sendaisega.com

Targets

- Target
  
  d792fce0604dfdc19ca20c9614279747dde1db7c7676dc05f4b3fb57371bd94f
- Size
  
  231KB
- MD5
  
  a5cf2da4b8e2da3344041aca44c7758f
- SHA1
  
  1cf6b71f82329a596b8b5e260642d87e2b6cc589
- SHA256
  
  d792fce0604dfdc19ca20c9614279747dde1db7c7676dc05f4b3fb57371bd94f
- SHA512
  
  a43cfde76f345991d93a063f6293e7b652e370ef3cc666d09c3e7633e4d5181c6f5af1141f1517318be90c008891b61654c3293d12beca0c656caa158c4f7514
- SSDEEP
  
  6144:HNeZmIvj8f50yXpXKl7QO3Z6tZMWz7gnAo5y0:HNlIvjAb5XKxZ6jrg
Score

10^/10

xloader tuad discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ajwid.exe
- Size
  
  75KB
- MD5
  
  f5a8c28b6e248b5659561e38d470194e
- SHA1
  
  cbd1de347792a8e6af98f18f2b25874fa0a3ae63
- SHA256
  
  5e570f5d793082ed4917eb4a955ac0ffdb5c10dbef53d663b8ed84e2820db7f9
- SHA512
  
  7ad2e97b30a65c259c0217c440fc16daaf8fd542a71fc9c1023a45381774bd8796b8ef80a72bd4d212663f9f911f9491b4e76cf42277dac84437da93c1155ddb
- SSDEEP
  
  1536:mKpDrgwFqFTzvLxbXwTQ6eh643Ybg8jX5cc3MDsWjcdKh:9FFYvd56OKhcsKh
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4