xloader

General

Target

2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8
Size

330KB
Sample

241121-ysdx7azrfk
MD5

1aed40a6d6905d5925b73ed69e2abe5c
SHA1

9db9a82acad118dc6982aebbeafad0da4275761c
SHA256

2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8
SHA512

d081ffea933add3fc01fa413503a28c4b7ecbcabff7adecaa7be2b827de87b116e9b7c5d30c402a2a70a3bdd42590c604ff8c179f2135df71c461aad2618c65e
SSDEEP

6144:rGiWFJ+xCSNOoUApGXSgXra44WmkXOf21pNvdwSnNZ6hER+LtZwNANh:mc1peSyJTmOOydwSnNghEUN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

- Target
  
  2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8
- Size
  
  330KB
- MD5
  
  1aed40a6d6905d5925b73ed69e2abe5c
- SHA1
  
  9db9a82acad118dc6982aebbeafad0da4275761c
- SHA256
  
  2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8
- SHA512
  
  d081ffea933add3fc01fa413503a28c4b7ecbcabff7adecaa7be2b827de87b116e9b7c5d30c402a2a70a3bdd42590c604ff8c179f2135df71c461aad2618c65e
- SSDEEP
  
  6144:rGiWFJ+xCSNOoUApGXSgXra44WmkXOf21pNvdwSnNZ6hER+LtZwNANh:mc1peSyJTmOOydwSnNghEUN
Score

10^/10

xloader p2a5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  sktwcrbcw.exe
- Size
  
  168KB
- MD5
  
  e0e19fe43a0197178e47411ecac579d9
- SHA1
  
  df75c86efc582b3ae29dc024f1daf6355a039ccb
- SHA256
  
  9c9a983c1bf4fa89f56449f43b4cee03f21c707e517da90ee010d43ccb451388
- SHA512
  
  ce1792cfa792130031e46888bed40ff70c3c1d5713d99daae220c598d8705adf7367638615081db9f9b50e41981514a36eb5a554e5373ff6adc12c73869f8800
- SSDEEP
  
  3072:pORNym+dox03cMBQhqyo0mh2+WBBO08cs7EMBkeqCBW8:pNdoxYccQhqyo0q2rBBO0YoikNCo8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4