xloader

General

Target

6bdea0ba8978cd3080b6e1adb3dec027d9e6d74586b4afe88ec6744f77977918
Size

251KB
Sample

241121-yvjapa1jel
MD5

b9b3d021f3df6f188ed41a57a5a02187
SHA1

b86d014c4df193d04204cea27ffd79f009d784e4
SHA256

6bdea0ba8978cd3080b6e1adb3dec027d9e6d74586b4afe88ec6744f77977918
SHA512

31552b8fc2639617f19a1134d5fe65dca6483e468c8d379322e3a63d63a3d54f924cfa8c740e9bbc425a2de07cc929a2ee43d3ab539afb4f9578f3ee2dbbaef8
SSDEEP

6144:+ZHeyhvIkUPBPSac8uhAbWrrgJiF0kiPlykv2TIWQseNoy9:+oyaPNprbjQF/ilTOTIWAd

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

Targets

- Target
  
  SOA.exe
- Size
  
  263KB
- MD5
  
  baf2982217b31a6fe69abf4008f58329
- SHA1
  
  b8dadf51e395b219e7300ba5d0e95fb9d7d9f509
- SHA256
  
  40da3a76d7dfbe395b879dc9b090af73483617c65c7c433975490c0a22e4a71a
- SHA512
  
  d7aa8d2409c77e29e58ed79ca0539411e3323dfa32451f1f5bf6580f8d375a2756a7d0c0647a301fb2b002bdffad7797d27180746a4154a0c848589c0bd35f4e
- SSDEEP
  
  6144:l8LxBjFO09nfR+z/ZSGoxaHGcLFBZ/uxap1Z9EfbNdVE:0FRnfMz/Im9fZ/uwxaNdVE
Score

10^/10

xloader b2c0 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/qhcv.dll
- Size
  
  39KB
- MD5
  
  6d70c6175a3d7e78b967d0f8f349a17c
- SHA1
  
  35c22d80df2112aae34e567b6e28a3d969f23e3b
- SHA256
  
  1e22878a69afeffc681adfcb5fbb6772821bafccd966b72da2e3ba195595b735
- SHA512
  
  6472e91780238b1f47c86c5d32e238252b840619477c5c27654b99b617af123d30eb4d64336e79cb65bca6e1878c6b9d6375148b0e68ccb178c4893023eb87d2
- SSDEEP
  
  768:JMsHUlNQ80Ocx0P7+r/ti86Zs7sTHXryAm/u49o2PjK4tqPAyck5x7VCSWfNKAnr:zhxOWrODIYASRCSWfUk0H7ZJTS
Score

10^/10

xloader b2c0 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4