xloader

General

Target

d81d0615dc76dad801ab0ee2e921abb2c4f6108a86fe2967dd55293a346ca9a5
Size

210KB
Sample

241121-yvyelswncs
MD5

66fcfdcaf661bcf7ad64978a5ef2780b
SHA1

332b91c5d585cf25470546781dd68cf1d3963f77
SHA256

d81d0615dc76dad801ab0ee2e921abb2c4f6108a86fe2967dd55293a346ca9a5
SHA512

dca40ae91b91f162cb7775f4c88571633fa9bec7d2bedcde6b044174909b4fc8967fe1dd0afe2c06a6a7bd8af1d35a61b3c64abe6eb4e58dc46dbc6c6ee1f40f
SSDEEP

6144:pUGDj+PNEHGUqigAqZVqUDsxgG7GBDNSr3Gr+4b:ZjnRqWGqUDsqDsY

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qjnt

Decoy

funeralinsurancetoppro.info

californiaredstate.com

xn--jpr220deud640b.com

playx.finance

siamfellow.com

tekirdagvethelp.com

forrealmodels.com

desenergie.info

whynotplus.com

graniteinaminute.com

satgurucolorlabs.com

potviper.com

racevx.xyz

thebluefishhotel.net

elletesla.com

4608capaydrive.com

buckhead-meat.com

garage-repair-near-me.com

ubique.works

markokuzmanovicpreduzetnik.com

Targets

- Target
  
  vbc.exe
- Size
  
  337KB
- MD5
  
  fb861097be51a4c1f963c83f6d6053fb
- SHA1
  
  75184cd1e66ccbce5cc3ff42e47c24c3d87a5964
- SHA256
  
  7834211343251375fd593b99c6d64a9c9cd90acb68d0f3970a9c964ad193c1b3
- SHA512
  
  289cbdbffa9f57d00f2654fed8b0ce6009750dc111919916f300cec1dd761bda1887fd9b2668b5a64d00dac0fc2244a2b92c5d88e8ad75adf808dd8ace5193d4
- SSDEEP
  
  6144:CHpP/LXH8RjIHp9bIYFUqQPMq9VmUDsxggqqOQhvpNcJ:CHpnjcxc/bInqpYmUDsqgeep
Score

10^/10

xloader qjnt discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2