xloader

General

Target

592e11609907e053f556ffcfc9a875ec74a8715c891689d318015ec32afc9815
Size

681KB
Sample

241121-ysrjaazrgk
MD5

2b43dd232c53b9dbcdcc089fea000a64
SHA1

d30f5e1d504680d30278a19fcdef5e2ca4706c8f
SHA256

592e11609907e053f556ffcfc9a875ec74a8715c891689d318015ec32afc9815
SHA512

2e75a0aca5e3a8366312f215c96b28d4f0ac095a6e45429903c419e655d14d46a976f05b356ac88ee42608bd74e6e35d3d978ee6a64a8ac2fe9017c2edd7b31c
SSDEEP

12288:rzZ4mBFtjygdFwWE3en/5K2BQuqeDSqVL6FBxjd/eo4+pw4HjF86f0G7d9:rzZT6qFwWE3EK8q6STFvXpwQGlev

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

o84d

Decoy

thetrendsharks.com

chaufagiste.com

lskuro.com

wasteconnectionsmyworkday.com

loveontrack28.com

tusder.com

now-focus.com

southerndrawfi.com

brattylipz.com

computip.com

thecreatingcouple.com

fuhrerscheinstelle.com

stally.club

leniure.com

cgoutsourcingservices.com

2055outpost.com

oujerseys.com

petsitandstrut.com

nerddotget.com

standvisuales.com

Targets

- Target
  
  PAYMENT-PO6331-105.exe
- Size
  
  853KB
- MD5
  
  b639a37ca3c7bc94ae81fc2cc4b7da44
- SHA1
  
  c13c81065409f452a424ca3620906ccda0192910
- SHA256
  
  87616feaef4b9ca318abb0c4da6f7c7b1bd625706e6217a1b2a22f9cb618ea1a
- SHA512
  
  fe70bf637a93a50a745d5cc18cbc4018ac7789135ec84baffdaac63a3354d76b461a4731ff35c177463d5d47e62dbe5e31b415cfc93a8937f78335c191ffe3ab
- SSDEEP
  
  12288:5ANXMzYSSwTLMJX20dk/FRGaBp4hu6G3RNv8eF43RR9VCZ6vHRjN:zfSwTLMJX2jqQOp6RNUeF4DxjN
Score

10^/10

xloader o84d discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2