xloader

General

Target

d05f54ffa289cf6eb2fd3f34ad3efc5d6dcd9c8bc305edac5cb4738bde1852a9
Size

383KB
Sample

241121-ysymlawmdw
MD5

26f8f90913ddb1c295931a8471a3a6fe
SHA1

7745d789dd5f4ba545f0f5b915e420636bdf990b
SHA256

d05f54ffa289cf6eb2fd3f34ad3efc5d6dcd9c8bc305edac5cb4738bde1852a9
SHA512

fa013065d1e57e1c3852b7adbf22d3c2847e3e17fe2f71a901bd3c50ba7b6bc333b5b6931f9e65fd1d3e79da24372dc322008ffed61d1ea2069eddee3ba675b8
SSDEEP

6144:qUxb5ai286LZbxYu9OydEioJLbiWFN3RhvVr5+5PcAYcEemehCITfwbPsHSxc6Ul:zxk/vxYuUyui4+WFNBFVdmPBqJjIzwby

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

xfts

Decoy

dailiesplatform.com

krlanka.com

koms.info

chesslearner.com

softwarefully.com

yogiplayground.com

learhee.com

faithbook.info

pepperrefo.com

kratochvil-elektro.com

artbyg2.com

123-e.com

levelupyourbody.info

ecommercebusinessowner.com

floraseriestrilogy.com

sdyykt.com

swchof.com

huaxinhui.tech

sems-iress2016.com

vasudhalibrary.com

Targets

- Target
  
  SHIPPING DOC CICOOPLBL.bin
- Size
  
  471KB
- MD5
  
  73eb22341ce8fcc60593432d2d37c872
- SHA1
  
  9aad11376e92a7b87ae2296e1c146ef88e2b3e15
- SHA256
  
  985c930f9f983d8ec93977335ebff73b477d7aaa678c163be58714525fb9f273
- SHA512
  
  d8735d3a85a992a5e14fcfc4fa6df9b2eed7039c118cfb6536e1242b9b995b1924b97d1ad16b7f90dd692d0d06f1f262fb0828e45558d8d4ce73bc89ff72911e
- SSDEEP
  
  6144:g34P86jIlgv5aK9rj5vVFfAb04v+M4/Vf9fkhqx4YYAdCSjtDU/5hL5WwHPc+nfe:eYd9rjB14v4//f13RcatDAL5Wwv9f6u
Score

10^/10

xloader xfts discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2