xloader

General

Target

76308622e1615a8d44165f7bb82480441a34a950475e60b009d443cf8757f167
Size

1.2MB
Sample

241121-yr6ltawmby
MD5

a3261a02fb58c54103f9cd3228fc79df
SHA1

4a231923c4fcc443854857fce40b70f0a68a0d00
SHA256

76308622e1615a8d44165f7bb82480441a34a950475e60b009d443cf8757f167
SHA512

931185869af606522fabe6a6cacf0031e8ac7db21a36eb1005f0cd59d1cff834fc7686547ccafdbec3f109bce0b2b35de8d2112b84a6d7881d7f02e9f9c56af9
SSDEEP

12288:2JMmlc9Drw8FSZCWyr72w4n4e7PWP9G0bxJLg6IybwvFSMozH9prwPRD:SCt4ZjyP2w4n4Jc6TQSMU/rgD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fg6s

Decoy

fairshakeforfarmers.com

pierpontlaw.com

expertnomad.com

ishhs.xyz

quotextaiwan.com

thaivisapro.com

madrassat-al-manahil.com

whf5.xyz

dutchpetfelt.com

wizard-nt.store

edfneu.com

zf0.net

hbxft.com

hugevari.com

websitefast.online

maisoncb.com

lghl56.com

donajisf.com

alexandertaylorforhiggins.com

evaz2.xyz

Targets

- Target
  
  mcb.exe
- Size
  
  532KB
- MD5
  
  ce3fe162f65754238f56df135ddd43e5
- SHA1
  
  9cc55a9bc87bde222243c4fe0075288f0ede3d89
- SHA256
  
  1a2da8f660bf2273096bf34961d2cd0573eae10717e7259c30e96195d2485597
- SHA512
  
  e80e4304d3a7fc711c7d80785e92d6392fc9a4d54c0a96b16f8030fc4d48546416c771ae151c27f4de641817035a24c47095a4e05f44c13c3a30186fe9edd97d
- SSDEEP
  
  12288:slc9Drw8FSZCWyr72w4n4e7PWP9G0bxJLg6IybwvFSMozH9prwPRD:sCt4ZjyP2w4n4Jc6TQSMU/rgD
Score

10^/10

xloader fg6s discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2