xloader

General

Target

dfe575e0e504a2d2ea98530ac665d5bed5e0dc901a20b513289f1bb40e00065b
Size

301KB
Sample

241121-ytq9xawmht
MD5

617a044cb288a81d9a89e43ef3b10119
SHA1

1a6b9d6febc586715712a2445f1913d844a73b16
SHA256

dfe575e0e504a2d2ea98530ac665d5bed5e0dc901a20b513289f1bb40e00065b
SHA512

4d3d72bc6ce8af39a91ec82660d5b9f66128aaeda93935db359997ac36b409b39b590bca4188c69d38a116dcc2d8f2395cc5b5c9469f574523eea65f809321de
SSDEEP

6144:PucCbxFpk/6gEJWp8R94bei+QCfeVKrStkeAKaFt6h+0uMSmK:PurxFWTEJWp8R96SeUr5eAvn0uMSmK

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

w6ot

Decoy

zerodawnprime.com

chunhejingming.com

estrellafiamma.biz

meetbotique.com

westernghatsstudyabroad.com

madysenlenihancoaching.com

c2batlrjm05uzzjnamm8627.com

sasamamai.com

softcherry.club

iputtbetter.store

sointuboete.quest

mahadevwardrobe.online

goedkope-ladegeleiders.online

g3taquotea.info

987vna.club

justdodge.net

b95202.com

dwabiegunyfotografii.com

entrustqlxorx.online

busineschatcom.com

Targets

- Target
  
  f6f0605ad0d43fbc77adc372198d2fd9768b93fe51f3fa050843fc4293050e84
- Size
  
  449KB
- MD5
  
  0d8bfc7c89bf7e0a94ed8cf9b7b46929
- SHA1
  
  d0a103769bcbabbbaa6f5c15dfb28f36a3575aaa
- SHA256
  
  f6f0605ad0d43fbc77adc372198d2fd9768b93fe51f3fa050843fc4293050e84
- SHA512
  
  18813ba2ffdc9517c7cd2a918c5b51d7ed5b60b0f1b65c5e5c524bc98d82b7dfd2b6bf1e74dd30e11ef8fdbce583fb812eeb39b88d92c648d097102e71a00dd3
- SSDEEP
  
  12288:qacFoWoWoWWoWyFip5EJWp819uSUUrFeABn0uMSRf:qjoWoWoWWoWyFBJG819UUrMAdjbf
Score

10^/10

xloader w6ot discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  yqhhtdxak.exe
- Size
  
  118KB
- MD5
  
  1eb006bcb7e588f1e2be72989da84baa
- SHA1
  
  6c5231c0d131eb50d78107843369ccd291a8f4fb
- SHA256
  
  c631eb2b09767dd4416cd03992adb1c9ad2e1d4804fad9bf88123859bb30b6c7
- SHA512
  
  d3c643d4b70d133a4c6317795249f37f1ef2ad9614823d0f9fc7a41ccb3bb9a12d9f444f8191c31e496c7b3300d000ce3c778aafb0abb5b4514f30909b0a1034
- SSDEEP
  
  1536:WfPagKDGAKkjVY14KFBER1+qmyzyDTV1X7ICfJDPckWSo6z8Qu7wKPmhCc8ksWjY:0a3JqHFiR0yzs5xdRDUkWE8Qu0cLH
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4