xloader

General

Target

ada96a9da34fe39d9533bfdcbb6e4273ae659d781b85051ddc67db26c07d0432
Size

300KB
Sample

241121-yt8h7a1jdm
MD5

ed1b0b4b8d5a1d57018eda72593e8f7f
SHA1

3144efd6230e07baa883fff927dbba1fcb8be1be
SHA256

ada96a9da34fe39d9533bfdcbb6e4273ae659d781b85051ddc67db26c07d0432
SHA512

c0fd0ca02898a8fadcfddbb7dfb2d201ddb904c106be98fd135133033931ae6ea53c4aae9cf266b1a5ebdabe5c427ad3d9308e7f2ecd67982ad17fa4654fc634
SSDEEP

6144:H/kJZPLf/EP4AJ7FGirTokE4wKCA5NbgKqV43ZJ7CoSTpMMAY+fQtKLef:fcBTo4AJxGiHokETKDzguZJyhAYiU

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r8no

Decoy

unfilteredoliveoil.com

johnfrenchart.com

tenloe042.xyz

agromarketsquare.com

terbulen.store

nftaudiolab.com

thecelebrationbox.com

aglillustration.com

swiftremotestudio.com

okvip2.com

commercialroadmap.com

jakante.com

vauva-bebe.com

drawdacity.com

wingatetriangle.com

simransultana.com

sevenfigurefundamentals.com

rom1net.com

ash-tag.com

qianhaijcc.com

Targets

- Target
  
  6351ea7c0db0ddcb42351dad36f711572ed183dc_1643058866319.bin
- Size
  
  312KB
- MD5
  
  ae1c994fa4e678eb608508454db9f185
- SHA1
  
  6351ea7c0db0ddcb42351dad36f711572ed183dc
- SHA256
  
  161c148fad3646c6b7b5184145a0f94e6f91ace06dd2aa9608ab7ffeccc77ac8
- SHA512
  
  f5a3326e8fff24fb1f4f80101daf6a8c8099f3af3372f03eee8439bd1f280a455b7cddc2de7afbd26f0d6202987479f0383826b81c02647fd33cd91e5889eb41
- SSDEEP
  
  6144:rGi73BNqpoWElGLzIAVvPL1Uq7noMkkZ8bZS:vAOGLXxPL1UqTtSdS
Score

10^/10

xloader r8no discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/torbm.dll
- Size
  
  150KB
- MD5
  
  d9de61150b57ce33ed3c9d683b2fd84d
- SHA1
  
  9c4d45c19dd0acabd8879b692177891d011488f9
- SHA256
  
  0796d959a67cb5b23844aa56459df9328a497d6d8c313a1a8db1facd1882c9eb
- SHA512
  
  c4d197e0edfa8e82bee96cfa9f8addd314ded49351aecfadf51fa6fdab1fead42603b5f43f23a028de85de9dce2bc3d71a59a30463bb993c29c03f8a6817a9da
- SSDEEP
  
  3072:iETqbrkj3oSENpU+86hrxS3Guaj5QJZYdUkvqt+p8:XTIN2+xmYw28
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4