xloader

General

Target

3b687bb7ff00bb30e16226329d67d024c1ecad2b150d77b956eaefab581bda28
Size

414KB
Sample

241121-yqy6cazram
MD5

f6daefd2cca0da672528eae3424461fb
SHA1

aeef10f1b0178db9d26abeae407aff9ce783dbee
SHA256

3b687bb7ff00bb30e16226329d67d024c1ecad2b150d77b956eaefab581bda28
SHA512

ea95b364309ce3bf4c35fb24f345c8ef3df14345400fc381c70e1ac5fe479dc279870c328b55a8a89d29bad7d3e9b8540a29dc3a51820125b407b71a42c01d98
SSDEEP

12288:exmB6DRuQ+8qi9ENTkl7JEUdrt/vhyJU63yvJ8p:esB6NuQ+8z2TktJEUt/vyN3yvJ8p

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gno4

Decoy

callsecuritymusic.com

quikngo.com

gardenofbabyclothes.com

bailbondinculvercity.com

nqyaurlz.icu

sultanulhind.com

toddy-bodies.com

kom-hunter.com

theradibio.com

pageonefourplay.info

wildlifetools.com

nobleegoist.com

girlsjerkoff.com

theenlows.com

jyqcxl.com

southernbluebee.com

betfootballthaigold.com

remaxaffinityplus.net

teamlunsford.com

howtoberealonline.com

Targets

- Target
  
  Quotation#QO210109A87356.Pdf.exe
- Size
  
  685KB
- MD5
  
  1a4dab5078618aa73e827fd62edec91f
- SHA1
  
  7f9384aa3884615d11c471fd8421f689aa0f6d75
- SHA256
  
  5c7868a7b214c1173f586173731c145bf0d466e08c0ceb7a00d0957cc29c0f7e
- SHA512
  
  1b04eb5f29bfb2d5fa0588f263b2bc443d1e35ac72e2ead7207ec99a3b1041fb66583a5eafcad71558a189204fa13d3ad6029b545333b2b4bb9148bc27f035ed
- SSDEEP
  
  12288:bbBD5VoWi8q/vdA+qHcEQFv8P/vC4/yqBM:X+W3q/vy+qHcEQFEP/zX
Score

10^/10

xloader gno4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2