xloader

General

Target

7a491e944745baf8c784f24a8c6434aa1ed068e26bfa17d06f902419d7207f14
Size

414KB
Sample

241121-ysff1swmcv
MD5

db01d5ac22e83e1555423cb7703791c3
SHA1

07aea29cd7aa947eecd75186d94812b99b3372c7
SHA256

7a491e944745baf8c784f24a8c6434aa1ed068e26bfa17d06f902419d7207f14
SHA512

8541ebe001b048c46838a9d540ef8fe8ade2764dbf471e5fada515e9f8141757311d977e4ff57d0ee01de63032318975b9feb98fa0320e755f743264305f7853
SSDEEP

12288:pTHRNmgL7VXAwpkVo0Y3kwABFFgNdVHaO/eIrmSz:p3Awpk2Z3iAH5xrmSz

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c0vz

Decoy

barmorelosmx.com

wearablegraphene.com

lopsrental.lease

259771.com

wizer.digital

at7eleven.ink

szshuojing.com

coffsmobilebarber.com

swift-goods.com

hashstox.com

my-safqati.com

herba-soul.com

tethysbooks.com

learnwebrtc.com

tzwco.com

buzzingyhvlgr.online

aryocoding.com

yourdaruma.com

choice-recordtoreadtoday.info

trand-chicks.art

Targets

- Target
  
  RFQ101#2021.exe
- Size
  
  509KB
- MD5
  
  71fea8895516246e023034fed8e7e66b
- SHA1
  
  dc3278cfcb258ff315e4e7a1267f52bdf562d450
- SHA256
  
  998d8ff737921cf6d3bbbc7294125f872e40f7580e3ea9c81188d794786d8749
- SHA512
  
  381d79fee03af6b156b995ae58fbdc8267f6c9de473d93a90297d15d299e75d75089324de814809d32be6db1e502a828d1184eaef19afeec4573312756d35e41
- SSDEEP
  
  12288:a9cruSK3CcG8cg9oJfkDIUTtPFtA/yNGUf6E:aWKSK3W8cg6Jf+IUpPDA6IZ
Score

10^/10

xloader c0vz discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2