xloader

General

Target

ded8c07fb7142ba39946dd3aaac2ec104a19cd919f4e7a7eda7781db6e3816ee
Size

244KB
Sample

241121-yt3yps1jdl
MD5

85d1b77e49b292efda384c4ca43836b9
SHA1

e4f9998c48220fea06cb1f372c68c2b3c56666b5
SHA256

ded8c07fb7142ba39946dd3aaac2ec104a19cd919f4e7a7eda7781db6e3816ee
SHA512

9c66e2c19aeb8bd95732c87dd0fc73280cf9182a1810fe1b1e9c7504df5a86a3b04aaaa26b952d089c4ef78bcf190885e7179c854e978cff6f6d0a34d66c890e
SSDEEP

6144:C0lIqmbTLf0GRqmTyKBWz/chTXzaU9c7l:oLnqmTqef9k

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e8ia

Decoy

le-hameau-enchanteur.com

quantumsystem-au.club

engravedeeply.com

yesrecompensas.lat

cavallitowerofficials.com

800seaspray.com

skifun-jetski.com

thouartafoot.com

nft2dollar.com

petrestore.online

cjcutthecord2.com

tippimccullough.com

gadget198.xyz

djmiriam.com

bitbasepay.com

cukierniawz.com

mcclureic.xyz

inthekitchenshakinandbakin.com

busy-clicks.com

melaniemorris.online

Targets

- Target
  
  REVISE 50% OCTA INVOICE.exe
- Size
  
  257KB
- MD5
  
  093048c24b9994fef2130cd8457e7a4b
- SHA1
  
  f3c31eefe661b1febc80c0865af8f4fd1385ac7f
- SHA256
  
  0e803b7715385244cae58772b5b0da43b7cca6a97c5ffd182081eca8676ff5d7
- SHA512
  
  e95142b25ae3078c642df183213ed06ccb0b5b65c4b25c3844803258d8b149c3570fdd00a25b539199f44ad10877c37139e430febe304ad6860511c379d4a2ba
- SSDEEP
  
  6144:rGiHxY9gDrwfI4pppl819WDk4UQ/FENd0AVT/+yIXg:LxYMrwfI8l819Z4UsFEf0CL+Zw
Score

10^/10

xloader e8ia discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/pqcs.dll
- Size
  
  33KB
- MD5
  
  f2828be237823a888b96c7d265c0ec05
- SHA1
  
  bf3b7ee29a6ff865fd6c17fd449cca42e4c6bc74
- SHA256
  
  61591ac877c329a2b715066f957ea19c164bc78c1ffaf59c769462a689f3b139
- SHA512
  
  2b94e24a27f47cac7494cc9a876e7f27a0f9a53b1a2be5e9f46efa94abd29287edae2de1784e387f28483dad99d7af12ac61e0fe450e1b00a1c5c1cdf32185c5
- SSDEEP
  
  768:Z7FNffi2WH97ke2WdXUsx6wvemtm3XEnQO1:Znf/Wd43WdXJjemyXEQO1
Score

10^/10

xloader e8ia discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4