xloader

General

Target

b6c6bf2d2d2e9471b73629040c382ccafbb4b6d4f1232dff6e6b592088ea33d8
Size

603KB
Sample

241121-yqefyawle1
MD5

6b02ce3bc0366959cd9a55277cc61ce4
SHA1

26d17fef8b850091309a3beeb23284b0af64aa56
SHA256

b6c6bf2d2d2e9471b73629040c382ccafbb4b6d4f1232dff6e6b592088ea33d8
SHA512

c84a7cb97543a3901feb08014dea28e83631a79bc2be9cc153025934cc2d9db3d849e755d564f8b621933a285ec86bffe3fa348639976beb3aca6e27f8d45e9f
SSDEEP

12288:WYonRsDeBG78Kts+iPEV5s3o4qSTdw4nKpJzEwJTzjaF:WYwRU4PX1XUYeTzeF

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gno4

Decoy

callsecuritymusic.com

quikngo.com

gardenofbabyclothes.com

bailbondinculvercity.com

nqyaurlz.icu

sultanulhind.com

toddy-bodies.com

kom-hunter.com

theradibio.com

pageonefourplay.info

wildlifetools.com

nobleegoist.com

girlsjerkoff.com

theenlows.com

jyqcxl.com

southernbluebee.com

betfootballthaigold.com

remaxaffinityplus.net

teamlunsford.com

howtoberealonline.com

Targets

- Target
  
  934fce499916c43cb7fa6b0198b18195700a5d6fadc6a716574f8eea92c8a545
- Size
  
  841KB
- MD5
  
  01e8a73c9fa00df46f55b6e3984a683b
- SHA1
  
  552d32c1a0a1990e48d27a934ecad1174ad9f283
- SHA256
  
  934fce499916c43cb7fa6b0198b18195700a5d6fadc6a716574f8eea92c8a545
- SHA512
  
  926e85f991cd7c01905252694231159be4076afcd3b32d3123916a46234dba142af9259dc8d8c461ac061587b5cc4707e3c58e5efa887cfdb061133429ac63dc
- SSDEEP
  
  12288:2KNoR65AXwgFvuSSEsjiKk7UTxjuADoP+OkOtwyFdEL4sZkvn7iGU:loR6qgu3P7kOtwz42s
Score

10^/10

xloader gno4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2