xloader

General

Target

90ab4fe0b7564a926e0559121ce67efd73bb8dd52c5a285da1d86b646b8b03c4
Size

189KB
Sample

241121-ytz7ta1jcr
MD5

6e0ec6decea96ac97ee10e9d240d8c51
SHA1

1b46ce5fdd3517c74671192415552e0e296fcebe
SHA256

90ab4fe0b7564a926e0559121ce67efd73bb8dd52c5a285da1d86b646b8b03c4
SHA512

1b3306b7ef2688f7084131b176e6692dc029fa66f1f12203fa3f206928ffbc9a50a001e082d5c652c6dcf501b938cf22c961eec08fca7d33df18204914ad3633
SSDEEP

3072:Tg2dxHpEOX6CFhji6FNx37DPyuDQPcKNt4Eu7yY2mbOvT2AL2WS9XwXnDwv:Tgkf9rLpTKNtWx1ObysDg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

xgxp

Decoy

sin7799.com

konkondwa.com

fixmylot.com

redbirdscottsdale.com

cotcoservices.com

jonwcvxw.com

scotthaeberletriathlon.com

bob816.com

pinukimgood.life

ambitiondurable-ce.com

jioholdingscorp.com

thisisadreamright.com

asaptebal.xyz

sloanehealth.com

huugmooren.com

birdsbarber.supply

albeider.com

theperfectcolour.com

alibabulilmhouston.com

chaing-list.xyz

Targets

- Target
  
  payment details-0009854_pdf.exe
- Size
  
  201KB
- MD5
  
  73f64c2d2a77870418cbb9c6021938c3
- SHA1
  
  50eb5f2aedf4637402c525f0a8276fab17160798
- SHA256
  
  517766489500ccff5f2237f00bca12e41f6401768bd0e577e088cb4a2a5e3703
- SHA512
  
  3a63f497609d5180ccaea7f3298054c237d4d63df0163b0b8a54ee4232856ad24522527b83ea141ea79bdeffd9cd1ba17444a4b09c731e6dc3edfb5eb8e84c8f
- SSDEEP
  
  3072:HyewmN4skJ6VJtmOnEUgOxbnw7qfu4CkvKTh5LK4+glMW1DZwaDunXnH:HdBJtmOEU0GW4COKTh5u8TDwbnXnH
Score

10^/10

xloader xgxp discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/mcubau.dll
- Size
  
  5KB
- MD5
  
  2ba43f6b8df6085a174eb44e5c3d9bcd
- SHA1
  
  ff2b5f680bb972f116e41de8e2a9cef6b0cad9ab
- SHA256
  
  59d449a56897e850dcd276ad817fced403f3318cd9c08e1d7c70ed96db7092d8
- SHA512
  
  a72f4f5b3297530478e4d37b63b7e673962a405e2f2d58dd539ee5ad3509ea196cb4bafaf8e09cb584e7ffc4972de709e732e44bc38dfe454d3b65a41a99524e
- SSDEEP
  
  48:a97yH52gMWZhfChEsHIGmEsH/Gt4BKiZ/seNkTHfav6yYZmEeSRuqS:1H9T4IGN4/GCBKxfQKuix
Score

10^/10

xloader xgxp discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4