xloader

General

Target

56fc032f01f1a56742252b555ba87fe14854dbb014f71e23c05f375ea7d80605
Size

557KB
Sample

241121-yv2f9swncw
MD5

dbd5bc258b4020515b206257832d4561
SHA1

9a7c7d1296a151c2be0efa53b6160a39ac232d36
SHA256

56fc032f01f1a56742252b555ba87fe14854dbb014f71e23c05f375ea7d80605
SHA512

029d3cde49c81260808b25343d359defb1313fe8624a8342bbc8ee910aadc9b751dd76ad1496fa7f8df29e48128a8f02c48863b828ce554ce4924746adc24f3f
SSDEEP

12288:LPhdyhefcVQYJlpXZcWHeT6iewIHDMkD5kpIY1vT6qbLjKz0VxEg:Lh6uIQY3pXZcG6bewwIk+uYRGq/+gyg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

kije

Decoy

apyturkey.com

mgthehandyman.com

dick-kick.com

burntflare.com

amsecvault-services.com

moot-art.com

podemosleer.com

you-success.online

delbellointerior.com

polleriabrujas.xyz

yorkingmoroow.com

songlong8833.com

562erf.com

dhozeaccesorios.com

citychurchlloyd.com

rift-ralley.com

healsbox.com

domaindonuts.com

elversonpet.supply

texasmr.com

Targets

- Target
  
  An Urgent-Enquiry-for-quotaion-Petrogas Agencies Power Plant Project Abu Dhabi-47574.exe
- Size
  
  706KB
- MD5
  
  16d5446ad4d79662113a4e8a669b896d
- SHA1
  
  dbe94c4fa5e7eda91e40480a8ce4d6ac5638b8a7
- SHA256
  
  d55802936c5be4116efa2f7e18a019c1adbcd8cc7c8e9682eb3f4ae5bb3f8da8
- SHA512
  
  3463d75a008ba0db42b28d0f1493efa1f740a8bb0982db1ad348ed61d4035e15313b2df0b0989f108c8fd20c5745120421eed9508a6b7ca3fe3e8b93957d8835
- SSDEEP
  
  12288:Q5oWJlP2jj5HxpyxL1D3pQKfK/aoppiyJ5bLBnB6w6:Q5oWJgj1a1DZQKupLNBBY
Score

10^/10

xloader kije discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2