xloader

General

Target

f7deab8a7d486c8051ef6c5289a0fbb8e21105c0e9e8420012bfc798b234614d
Size

497KB
Sample

241121-ytfheawmfz
MD5

a51471c7a0a2dda01fbdd9c91ab2717e
SHA1

4e1d0d876381eb210604333bb621a6565ec60887
SHA256

f7deab8a7d486c8051ef6c5289a0fbb8e21105c0e9e8420012bfc798b234614d
SHA512

efc101e70fc82df1913f28be8fba4da984a9663df4d084bccd29a9b534cce5ae617f7262d2afd33613a02992754ae493815b21b74a592d621196bb1829b90f06
SSDEEP

12288:MyzJGw+koTwuPLhpmV5TlKTf4f8kJksCI64OqU7yctTgvBNDS2/SExU:MyzQNkWLPLhpWKT4BJ5CIxiltTAPdU

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

9mj8

Decoy

limaodoce.net

rawscrubshop.com

plasmalifesaver.com

littleblackbook4guys.com

emilyreiserinnovation.com

taoz8.com

68gin.com

markel-eagles.com

cinasing.com

meetingobjective.com

fameww.com

thehealthyroots.com

awaytraveltnpasumo2.xyz

megiamgia.net

kitelandpark.com

bgwoodtoys.com

slim.guide

tddfinancial.info

motovip.store

bestofmaui.guide

Targets

- Target
  
  fc9327c9c20c9935b758f802d2386624055b63c69cf71c9de004f4e963188f9d
- Size
  
  534KB
- MD5
  
  d016cff8d0370b9418c2fe87f4548537
- SHA1
  
  d771cbe33f2d8357af56bd8104fc42983dff5fec
- SHA256
  
  fc9327c9c20c9935b758f802d2386624055b63c69cf71c9de004f4e963188f9d
- SHA512
  
  4e1402d7a4af4249b110f537a921b840a5c0911a194db64aca334c3047be5e1f8033c183b4429c0ffdd8e9b84661c866e20d2dc1f35691929f3ff83b6f557dce
- SSDEEP
  
  12288:aGuHDHNo3qS/+r4SZm49kJSxDf7aL+88I9skqfK:aGuHDHi3qS/nmQCf7aLNRshK
Score

10^/10

discovery xloader 9mj8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2