xloader

General

Target

06fe6437d4f617e320d87412411eab1405a2f0e3db836f748e9f2c925925e123
Size

304KB
Sample

241121-yvm9ms1jer
MD5

d55b7beedbc7bcfc710132964a618298
SHA1

f5e41dcd038f73af16ab78979cc4ca704fb66567
SHA256

06fe6437d4f617e320d87412411eab1405a2f0e3db836f748e9f2c925925e123
SHA512

f1582c4bbc53c092a3e3ee883aea8ebca011a6040d1d435aebe3712f7929fd434b62a112b6b9d32a7eab453b7b44dd460ace427e875a059dfe8919f69567d458
SSDEEP

6144:3Qk5Nll+IAvGaNhauT4ua7nFldQ2GEP5NWhfDZj:lF+Ga7aQarF42GEP5khbB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nazb

Decoy

polypixelarmy.com

dppu56.com

prayrowan.com

favoredysxdmg.xyz

swichkickoff.com

suddennnnnnnnnnnn06.xyz

your-own-vpn.com

ban-click.com

digiblogofficial.com

frugaimoms.quest

longoriaamanda.com

moonelegant.com

americanpawnaz.com

riverflowmassage.com

theresnosomedayinbadass.com

sacredsolomon.com

mkperfumy.com

yavastudasuda.net

votewhosright.com

lovetoconnect.net

Targets

- Target
  
  3db51e29aef16473b5febc21b1f3a8024c8da7c2b7f5600fbc5324713f5fd7c9
- Size
  
  315KB
- MD5
  
  fcbace1d61896c77315c37d60ac0e8ba
- SHA1
  
  c5a943c52d2479b2acf25b74318cc35fb7463ce3
- SHA256
  
  3db51e29aef16473b5febc21b1f3a8024c8da7c2b7f5600fbc5324713f5fd7c9
- SHA512
  
  d3817c88a7981b6356d43695d98ac45613d2f5708a31e9cfefe574bbce0d5b607d75b8935b7c712d8b00ff8c24a350e2f1920cdf143d427026c750af14354a9a
- SSDEEP
  
  6144:TxDXn5Nll+IMvGQNhauH4Ia79FldQ28EP5tWhMDZ7:NVFiGQ7awaJF428EP5EhAV
Score

10^/10

xloader nazb discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  zqmpr.exe
- Size
  
  168KB
- MD5
  
  ce74b4dac6b9802e4706f44a435a039d
- SHA1
  
  592ec006650f8d45a6082cf4d13644133208be35
- SHA256
  
  d5604be362dd75dd20212e628dfbf6eb894e0ed6dd4e31aa09b50fef60dcdcc3
- SHA512
  
  5fc8a5f9719f7f258594b04d10a172899b470c1ee06949d9e9a1b2c8a4fe0d0472c5feec62271c4c0ebe27caa0fc704992ca0729d952a92862cf2746621ec6bb
- SSDEEP
  
  3072:ic4Horf5X/n8eXZHTFGAfU7VKXHGHggYOdDUbGZY:i3y1/n8YpDCVKXHGAg
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4