xloader

General

Target

b9d85aa9b26d320da839712aaf063bd2430cdd3a4960483bf6119d49a284c8ae
Size

469KB
Sample

241121-yrwrlszrdp
MD5

a2b70bbe25f6ae9afc4acce2e60c20fb
SHA1

af848ac71e768862d56bd35cb7989c3b71f6291e
SHA256

b9d85aa9b26d320da839712aaf063bd2430cdd3a4960483bf6119d49a284c8ae
SHA512

281576903e1d4648b48deaa7e5737b200df34ba4163e6e6bff2ca506937f917153365ce5eaedcc4c35e71bc9f3cb7afb44d5116f0c52f14c426dc7aeb425e188
SSDEEP

12288:pbceVAeBQrV2jWRPs92JOyvCdLq6CDr6J/:FceVAjMSRNOyaBq6CDG5

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e3rs

Decoy

onewebuy.net

polley-marketing.com

suddennnnnnnnnnnn40.xyz

pozowater.com

finaliz2rinfo.com

marblesenglish.com

ff-member-gasena.com

hqg168.com

sbeinvest.com

8038959.win

ccafgz.com

auburnradiancecavern.com

advertisingamanda.info

flowerdeliverydrones.com

xpzzz.com

elbauldepecas.com

qtwzdw.com

luvlock.info

8977dd.com

themakeupsquare.com

Targets

- Target
  
  b9d85aa9b26d320da839712aaf063bd2430cdd3a4960483bf6119d49a284c8ae
- Size
  
  469KB
- MD5
  
  a2b70bbe25f6ae9afc4acce2e60c20fb
- SHA1
  
  af848ac71e768862d56bd35cb7989c3b71f6291e
- SHA256
  
  b9d85aa9b26d320da839712aaf063bd2430cdd3a4960483bf6119d49a284c8ae
- SHA512
  
  281576903e1d4648b48deaa7e5737b200df34ba4163e6e6bff2ca506937f917153365ce5eaedcc4c35e71bc9f3cb7afb44d5116f0c52f14c426dc7aeb425e188
- SSDEEP
  
  12288:pbceVAeBQrV2jWRPs92JOyvCdLq6CDr6J/:FceVAjMSRNOyaBq6CDG5
Score

10^/10

xloader e3rs discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2