xloader

General

Target

658c94d14c8b62ffd8fca85a0c80b3839dc978ed40c95ec78c646603b339fda3
Size

338KB
Sample

241121-ytynzs1jcn
MD5

d9f50270ff294e00c56fc901549779fb
SHA1

7ce7880bff6eaef4c1368e0dc5e62d34f3bb6b4b
SHA256

658c94d14c8b62ffd8fca85a0c80b3839dc978ed40c95ec78c646603b339fda3
SHA512

c671ff60e5bf6f83d5799375c689cf69fea6b3e70bbea0ae1ad4a0e7879031785cf063a28e381fa893d2f609f6cdd11f4b0c9a51506f9826e4ecc26f958d60de
SSDEEP

6144:P0Wxz+XWP6XG1V0LKHfsCQi5+HQHwoUue9Kz3NZIbSBEakTDliBJ7oM:rt2WFQW/tUuQa3neSBPkEn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

osnr

Decoy

aktemgayrimenkul.com

earthychicetc.com

domainesforoffers.club

wxglasses.com

lsdknfw.com

knowmoreaddiction.com

yorpol.xyz

microbladingangel.com

xn--zel-rna.xyz

learntogrow.site

rin.xyz

freemindsweden.com

michinoeki-taka.com

wxjyzb88.com

kaluari.com

cheapairtickets.club

raftel11.xyz

thenomadichusband.com

cocoschicshop.com

thescreamingzombie.com

Targets

- Target
  
  658c94d14c8b62ffd8fca85a0c80b3839dc978ed40c95ec78c646603b339fda3
- Size
  
  338KB
- MD5
  
  d9f50270ff294e00c56fc901549779fb
- SHA1
  
  7ce7880bff6eaef4c1368e0dc5e62d34f3bb6b4b
- SHA256
  
  658c94d14c8b62ffd8fca85a0c80b3839dc978ed40c95ec78c646603b339fda3
- SHA512
  
  c671ff60e5bf6f83d5799375c689cf69fea6b3e70bbea0ae1ad4a0e7879031785cf063a28e381fa893d2f609f6cdd11f4b0c9a51506f9826e4ecc26f958d60de
- SSDEEP
  
  6144:P0Wxz+XWP6XG1V0LKHfsCQi5+HQHwoUue9Kz3NZIbSBEakTDliBJ7oM:rt2WFQW/tUuQa3neSBPkEn
Score

1^/10
behavioral1 behavioral2
- Target
  
  7b9f45a9b587bfddc2daabc1ac2908545c53f8f453d4f19520ba68c055a3d33a
- Size
  
  695KB
- MD5
  
  292be66f8033e0674a8f407bbc81cdc9
- SHA1
  
  844348d2c63ed27bf0518fd0a067c4211c8cb67a
- SHA256
  
  7b9f45a9b587bfddc2daabc1ac2908545c53f8f453d4f19520ba68c055a3d33a
- SHA512
  
  930c6e14a518413f846b33c8ae40219e45a34a44e5fb7e622d0e4e385e017a1cce87b17e229436622f0269b9aacdc0f968439a69cc1cd193c7221edf77380e4b
- SSDEEP
  
  12288:ou4OwrIpFzib1nmQSgJHeSuxPZDulujkZ5mF:WjIpt/ZSsPZSME2
Score

10^/10

xloader osnr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4