xloader

General

Target

2ab1d29f9cd4a2037e40bed3d163c8821a22f486bd82ab55e01a127299e86f72
Size

701KB
Sample

241121-yv79ta1jhr
MD5

64166be1ff9ffdb8b1c3b189eab41536
SHA1

eba4485ef958f3002a69b8d100f213f6e38198b9
SHA256

2ab1d29f9cd4a2037e40bed3d163c8821a22f486bd82ab55e01a127299e86f72
SHA512

043f698ccc46c58e8ab4ca954c27db18fe65a343821475b76d8e8af8f1c4d637ead9628f48a0d61b46496a7b9b714a3616795720b3afe468dd257131324991c8
SSDEEP

12288:F/O0KFQulem2p0C66x0BT5Khub/9W2Goptzqahm/G74chSHTiZROMCC:QGulw0dBTR9WPoDzqahmO3SziZReC

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uit2

Decoy

transmutualinformation.com

northcarolinahempcrete.com

exceedrigging.online

verifiedpaypal.net

notlieu.xyz

cdn-corp.com

wz-edu.net

chaelve.xyz

lifesongcounselling.com

misterpeppers.toys

shortfatotaku.com

divineluxmedia.com

creative-solutionco.com

daumien.com

adenomyxosarcoma.com

permanentcleaning.com

bettyandcharlie.com

premium-gutters.com

shnuffle.com

trichycateringservices.com

Targets

- Target
  
  982e727a53a27d2bfbaea608209b315bc892947a1ef954033f1b29c687b6e001
- Size
  
  885KB
- MD5
  
  b8c17d08c78f88e49edd77c35b47e851
- SHA1
  
  43bb31c71c84de912fbc4b2df45df445e0fd5de4
- SHA256
  
  982e727a53a27d2bfbaea608209b315bc892947a1ef954033f1b29c687b6e001
- SHA512
  
  6489e1f5412c854d5b0b7d6761b9fe2bb5871b438c4bedc2080a9a0cc596f2c1fa2ce66e8d82c49611b973e6415214e52051db70a7af71db223fd3d8c3e79309
- SSDEEP
  
  12288:C1apH3333333PfJ55555555CaqaF0qMgmxd0C66baBTn0huT/pWygoptzU6Lm/GD:/X6TgCd05BTtpWDoDzU6LmO7SlEZLx
Score

10^/10

xloader uit2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2