xloader

General

Target

d19fc8b6cf83a72976d27f08adf26444e60569ae977303847e6c91601c10f4c8
Size

706KB
Sample

241121-yqhhlawlfw
MD5

6f6170101a565ce0fe21231e7093bedb
SHA1

aac33d475c259639dbd533dd5efa9545aaca8cef
SHA256

d19fc8b6cf83a72976d27f08adf26444e60569ae977303847e6c91601c10f4c8
SHA512

f1c271b9de2c6d8dcc822d5293f40e2e6a685d1d652b81ca7331a854b9ad79523bed12f539257601fbc9a0b4d8aae994ceb94c8c229fa3e909aaaf5eb0e1748e
SSDEEP

12288:BFr35+BSC/gspqIVI2+EpsrI28IT11W+x5+wPsM9UEBhnbwOBSVjPA:Db55j2+eo8sL5XPCqnbw8GjPA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

owws

Decoy

asahizushi.info

691jxy.com

richelitesingles.com

traditionalmehandi.com

germinatebio.com

568215.com

yds-inc.com

whirlpool-repair.site

alwaysincerely.com

themallvideo.com

hzzamy.com

merchasylum.net

weknownorthgower.com

zseasyfishin.com

corporaterecruitertraining.com

pheki.com

kaqitoy.com

pbzb94.com

cortopepperfest.com

texas956.com

Targets

- Target
  
  10c2c32a5a6286c37c7812cf50927dac6d83c4c07c02f9ac0456a5fabb77b602
- Size
  
  994KB
- MD5
  
  38785c25692d2ab8910fdb3bce8c10a8
- SHA1
  
  3a2bb4728537cf67f8f59dfdf55e1787fa42e79d
- SHA256
  
  10c2c32a5a6286c37c7812cf50927dac6d83c4c07c02f9ac0456a5fabb77b602
- SHA512
  
  52889645ed472eed638b24d9ef43d7efb92d3c4ed85456147b70cc9b063d2eadefaa5b87c385fd9267402eecb8285b16ad00269ac24f9826fcd545887d9b296e
- SSDEEP
  
  12288:+4o472Nawuo3yf/Yw9PHGLPcJjTjUHD+1NV0qcDGhP6/T9fRRhkfwhuV4:+p472N0/L9UPHi1n0APCjrkYT
Score

10^/10

xloader owws discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2