xloader

General

Target

c9331df750653afe477b1dcd6663a80a6b579af04fc4dd50ffefd1c0a12518a3
Size

294KB
Sample

241121-yr12bszrej
MD5

c878ef274d740a3123c7dff7508e41f1
SHA1

5041f10f83a24bb13df38f36456d413299e3c200
SHA256

c9331df750653afe477b1dcd6663a80a6b579af04fc4dd50ffefd1c0a12518a3
SHA512

9c312e4599151d944245b666932602fb0f6f4059ee042f07d408ac5999975e0995f868d1d2b24ef38e51daa51880eb968428471294919ff96632c3b36608c706
SSDEEP

6144:XF+oqrfEbNBII+ErIAXl8Pxeun0yieA6O9bbwMsFnxrX1Iwr1x8nsN:XF+3cAIRrXl8Jeun0yklwbZxrXewl

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ycgc

Decoy

radharanipestcontrol.com

danye-wang.net

thgn3.xyz

clasdcharts.com

eighty20consults.com

rivian.email

paulapossetto.com

killwinesports.com

tgfwatches.com

help-sources.com

dazzlingbad.info

sgpropertymanagementllc.net

crokobos.info

pendekarherbshq.com

beheld3d.art

voipwallet.com

solideo.fail

cooperativecareitalia.com

sunlandstreet.com

carandmoore.com

Targets

- Target
  
  b3b05407428f3bb90350615cd39a4e637a6fbc4e_1637341810240.bin
- Size
  
  372KB
- MD5
  
  c447eb1a63e1feaff9de0c7a6667f9e0
- SHA1
  
  b3b05407428f3bb90350615cd39a4e637a6fbc4e
- SHA256
  
  beb008bb29bd0fc62b33e2961e016be1677f9cb78334e211bd53b21837f250b2
- SHA512
  
  26b8916630e5a8dce5a6e1d2794a0e42dc144ed460458829d45bb5797b254f0dce1060b433d2c9b7085d6c4562ba3d1fca35a6c47b15e0972881d7c131f42317
- SSDEEP
  
  6144:dGiaE286EZe/iYO2+EmftF6QrrsZlzWVpMW0resQUb5nXSWb0OiAEWNI:oE286T/iYO2+Df3xEZlzspkHJXSZ4EQI
Score

10^/10

xloader ycgc discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/fbban.dll
- Size
  
  94KB
- MD5
  
  f54a3744a8bc9947fc4f01f9595010e3
- SHA1
  
  b2e5c87d16cf29b55753297fefd6b7bab4cc77b0
- SHA256
  
  a5cf6cd784167eab65e5c2b9a57d3df96ac0d89c2ddd0743674471e42100dcfd
- SHA512
  
  9ff89e8b5234ba8fb9887fc589d4b6b334211058d9cc252a3f382d56783ea04d8524d54bc6f131bc7ad3246cd6bad95564086a6ae90042a42d441ac25a93dcf8
- SSDEEP
  
  1536:h6jveRFsu0y4UADdfD4rTz86ztZSPiOqwvgjw9dPMEW0nsWjcdvQByT:MRRvSwYDOKYMEW0IvQBy
Score

10^/10

xloader ycgc discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4