xloader

General

Target

57fde6ab463eabd779e138a0ef61807a8e587894d65e2a215378ab6ba9963429
Size

175KB
Sample

241121-yqfzrswlfv
MD5

0ac187f9e162bb741a5afaabe7553cf9
SHA1

4442b73675408b13c32fea896ac09a6a06e09a49
SHA256

57fde6ab463eabd779e138a0ef61807a8e587894d65e2a215378ab6ba9963429
SHA512

ac532ef2fbc5ae9649be142c3f232fc2413ec4fb0779e214ea279a6c4e4d891a13d182e7d8fc57baf424cc96f11aa175831088969db5368f140a560fd172a03b
SSDEEP

3072:ZSloIVFfYWV8LffVWnKMyPxBVQsm2HRBP97WkW554dGgdglvfoKnOrzgTgXRp7mf:ZbIVFRV8LffVWKMQJY2zpbkXoXzEahmf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ymri

Decoy

cqmlhy.com

districtdisinfectant.com

canadohta.com

indipetals.com

zygjzz.com

bodybionixusa.com

myfoodiedoodie.com

littletinesonlinestore.com

zerofive100.com

odd-spaces.com

luxxnights.com

d-electric.com

fastkl.com

mywayinto.com

vitalpassion.com

usedmercedessprinters.net

caofeicao.com

emehciti.com

smartaider.com

ssgasika.com

Targets

- Target
  
  rev inv07014.exe
- Size
  
  190KB
- MD5
  
  279122d3d89dab6a1b1a3a44931eb9a9
- SHA1
  
  df6f4453f8540c7a0f26a69c07907b3880ef7ffa
- SHA256
  
  758e43dcb865272b3fd6830e51e6875b9eeed7ad2734f0ceb4c5915c14fabb8a
- SHA512
  
  1e50c1a2d64adcde4dadc336e1e5de7c1ac030c9f7185f45e9021c914415e676a05c89de23563d401ef853129c7bc30ca2a6fa4d181ee0c277785ca40d8d8ae6
- SSDEEP
  
  3072:iBkfJpRXATwMdFCcGb/WfMwskKgw/01e7sm1QuQ1/oUsQSI4k0ZvSJlKVhrFz:iqjIKOfHsrD/01Esm1Q9nTSfbZvwKVdN
Score

10^/10

xloader ymri discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  zwgay.dll
- Size
  
  9KB
- MD5
  
  dcc94fb3455b7726349f6b05f98a9f1e
- SHA1
  
  ea2160715cddfde302043c8f69b63a3c03bc651d
- SHA256
  
  3d3288ebb21a28f71417efa86b6a136cb37340f3542ce8e99b267c7b347f73ef
- SHA512
  
  b3d6e8cae4d6e693b7b726120627a6815d7c5f29c51be26df041edb970727548bdb961b469ed74bc767ab2e27a6be5650122e2b968e81cca0571667277bd6305
- SSDEEP
  
  192:lxRcBDJ0tI8S85DR8THYS1YNHgTs22FFVFUFF:DqBAxHzIHY0Y2TIrW
Score

10^/10

xloader ymri discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4