xloader

General

Target

c8d5f3e6a3e8652eeb94d0fc8c214bef10f0e2557ffe655ff1e3684edd565221
Size

238KB
Sample

241121-ytpq3swmg1
MD5

103eafa5713342cefc443f6f20a53e0d
SHA1

224250cf8a60e9c181cd9c0740d8ab1600ca173f
SHA256

c8d5f3e6a3e8652eeb94d0fc8c214bef10f0e2557ffe655ff1e3684edd565221
SHA512

6d913b1ebc05fe93c259acf187346f2fc362d9a99cd2690ce18908e617ecf5c32cd83c2507b410a37a892d3cc37b5d8e4ca4ad8c10c7bd538ad118490fde77a7
SSDEEP

6144:TqMWUArrh1NVdE2/vt8N77qKnLHpJG9eMrBoYLt/BXddiN:Tq7rh1dDqV75HXGwMKs9iN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

oqxs

Decoy

northkoreamatrimony.com

we11studio.net

ekviraonewaycab.com

biakbiak.com

pdmclinic.com

biophots.com

shaydd.com

uplandpro.com

newcrestredchrisltd.com

aventuragaming.com

righteousrewards.com

pengwinz.com

ganey-hn.com

gz-bbe.com

xicauyb.com

historyfive.com

racofix.net

teetimeforyou.com

perfumeriadeverano.com

electrumkeys.works

Targets

- Target
  
  65b8d28cc93ef078954f569422e9292298e638a11a6bb681c85065c84e042bff
- Size
  
  251KB
- MD5
  
  5da62bdb6889d90f395efd87681ebdc7
- SHA1
  
  d6d8cfb0f3bec3b693b805a8bdeefe3651b6d509
- SHA256
  
  65b8d28cc93ef078954f569422e9292298e638a11a6bb681c85065c84e042bff
- SHA512
  
  5c896c8506557c8df0fe44272557e40c3c312458ceea7dfdcd8449438f6b51de0a25aa0d128c77a534142bfa1c345b65075f7e353e515e477693a75aa54d99c8
- SSDEEP
  
  6144:p8LxBntcE0yoInozz1mZOoEFmAckF5rTKqdacxIiSgIF3CFbW:EuE0yAVsI4yPbaQBSgIFyFi
Score

10^/10

xloader oqxs discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/gbywalds.dll
- Size
  
  12KB
- MD5
  
  5b7950419e981b94f2d78ba5f70b8f47
- SHA1
  
  007b19f9267c8634a7b4b488770ae1f667655c20
- SHA256
  
  6e11a5bb985683f9d03865289565124c11ce2c481a9a505866602cc950c80f5e
- SHA512
  
  03d2a63385fa404e3fec62b16af9baa3ae93c26250e3ab1b104b6bb42542a7690d182faa50c5f27e89d4a8d00306ba252a188df9109667ca964ba80640882e65
- SSDEEP
  
  192:KBGz5UZNGzZmzQnR4XrQiE+BZ2jrEQN/MOm6yD4yht/8RR0A:aGnmzsaZEpfj9nyD4su
Score

10^/10

xloader oqxs discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4