xloader

General

Target

cebd1ec9af2345988d14f863738d097c2eb16096bb688acb89bd4167f702d9a6
Size

411KB
Sample

241121-ytlz7awmgx
MD5

b31de196e84192af6805c78bbe8cf5f2
SHA1

749c43d3dceba54c729650f515657451bec56bc5
SHA256

cebd1ec9af2345988d14f863738d097c2eb16096bb688acb89bd4167f702d9a6
SHA512

b078f681a56edd33864b92862ae4876ead31ed969406ef870f74809b1938cb8e983f8b72c99093c11ee69c09fa5c9b4624f1bbabc7ff409a20875aabdfc78ba0
SSDEEP

6144:gOlEIreTXA8lFCdG+nbiRzLsxj06W2096jsGpDnnD1dwq1EZ3yW/sCyI:1GKeM87Zw3W2096jDpDnnDOZi5I

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

3voa8

Decoy

artgamble.ltd

schoolq8.com

cartaporte.digital

vinetes.com

maxicashprogfd.xyz

motometics.com

uperiousa.com

chipwaterfrontresort.com

worldspeeddriven.com

thedefiantheathen.com

apurvamehrotra.com

dhaliwallabser.com

cheapestflightsindia.com

rs23.club

at247.tech

flypilotdigital.com

ruiheedu.xyz

lazarotools.com

heistick.xyz

precisalogistica.com

Targets

- Target
  
  E-Invoice No 11073490.exe
- Size
  
  628KB
- MD5
  
  b6ff5bcf0679b7eb84b8c555c75e084b
- SHA1
  
  1d239a9a29f315832324795cb9c9a783bf420c26
- SHA256
  
  302f8d5292f11a4fb79650e41ee803bc2a0ff6a79666f39ad6033c4827eacba8
- SHA512
  
  147e3656519006209e6380f3a6e01f1011e4db49b4a0569465b1a29819ddfd1b7c3682ed56f82be0553bc7135cf351ad02ceea1376d57b3bdf9fc42e8d9ced60
- SSDEEP
  
  12288:C13Su/Dwg9Y0kuBXHyLA5ePOnhEWIlDr:CNScMWSOSRv
Score

10^/10

xloader 3voa8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2