xloader

General

Target

9970eba38e5e7952be87aa4b2e3c8469eee16dfad3e788f88c6b9b07bf49b24a
Size

293KB
Sample

241121-ytaxxswmft
MD5

5d9340c91877bbe155ef607f75d50e05
SHA1

25ba2c222817a2372c23a0d1c3997c1e10db2528
SHA256

9970eba38e5e7952be87aa4b2e3c8469eee16dfad3e788f88c6b9b07bf49b24a
SHA512

61cccf5d2b75b2cf383aaed0b0da0c4c0ef04f5e24969ae7cfb0e5c06e8b33833115383976a714371384fd9cd54999065241755b6263ae5175018fba8e9cb027
SSDEEP

6144:n0Rx1kQTM0Z1fJ9XhFdk9fBqe4Q8S0Om9Dh0thNRt3R854OD:0Rx1WUR9xFd410d5CtyF

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

op53

Decoy

salamdiab.com

pysznepay.com

braktonem.quest

z5jgazn.xyz

jungleking.online

for2play.com

organizedkay.com

bitsgifts.com

autobras.online

paghosting.net

waltersswholesale.com

seculardata.com

hsa-attorneys.com

genyuandl.com

metalcorpperu.com

jasbellyfusion.com

weddingtowifepodcast.com

69xibao.xyz

dsp-energe.com

jantfencingandsheds.com

Targets

- Target
  
  f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a
- Size
  
  367KB
- MD5
  
  2818c9adb483309e0d5b2515b41a1507
- SHA1
  
  6f30bfff6c27aef73be247dfd2333b6845876afc
- SHA256
  
  f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a
- SHA512
  
  b8b212bf7f7d0f28608681a3a65ec696f1f302aefc8fb1e37ff53df07e6b3a7a3a7f5650ddd0b897f7681a892129feebebc968deddb279c1808a7154d1128b19
- SSDEEP
  
  6144:TGiSUQepf9SGF0VBfXxG6xbXKJArYr0hOZg2guur3Hw03:mUd132BvIObXKeYohGLI3R3
Score

10^/10

xloader op53 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  tppxqd.exe
- Size
  
  114KB
- MD5
  
  3a4bc4e7fa9caf7ebc996222816d9ec2
- SHA1
  
  15e37286a7982a35092559743e7a2aadb2300a64
- SHA256
  
  56cd59981b0b8cf25d7d51c96b1cba9e300bc002a01030a08eb58ea30c015ef7
- SHA512
  
  26c6481987b859922c504fdc353cc1819943d9fbecea38cb01b0c708566788aca4fa5ff56c3e8f7a12be9be10dbbaca517f7423c00eb79d494cc83996a67b448
- SSDEEP
  
  3072:A28njJvoy4CBdK/v+rm2LM+bGqEc1oQAoo7tB1cgh:x8njCJCBdKH+r2qEUoQ2
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4