xloader

General

Target

e152ae72c09a655a5549a6509e7a0fdae6b203a02554b7cc6ccb345d25888bb3
Size

427KB
Sample

241121-yw6sdawngs
MD5

4581d173a478085421f5b8f302574e77
SHA1

1476573dcfa2daf1d7ac9949226e96fe7d519b5d
SHA256

e152ae72c09a655a5549a6509e7a0fdae6b203a02554b7cc6ccb345d25888bb3
SHA512

9574b242bf49d85d2bd38f60a484e68eaee76df9bf5a09db1a582bc03cea68a73d791788dd7b32213b30e735417cfe1b83d767ea15249e9629c48aac2cd96007
SSDEEP

12288:+EfyWXG/jssrEBep/06wy+UXXatbzUdFu:+T4LI/Dwy+SX4bzUHu

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bfhm

Decoy

martensromania.com

e-cans.com

solarinverter.pro

threadluvapparel.com

livesarchitecture.com

velozgroup.net

xdcasdg.xyz

parsindoor.com

orderdonki.com

jingbangjy.com

dfjdfjtriurti548548548.xyz

au-cl8.com

workingclasscompany.com

wrjunk.com

debratreesaudiology.com

nuwearco.com

theteaverse.com

quanxinpdd.com

dabanse.com

pyztsl.com

Targets

- Target
  
  Y0GEeY1WOWNMYni.exe
- Size
  
  678KB
- MD5
  
  7c45a8542757d9ed6871c12d1d8e733b
- SHA1
  
  6ffdb6f2b38f45fe00ebd82a074336596938eaae
- SHA256
  
  7300768cbf7406a287c49de81c675dadd3d5bd4d181afabc533380eac73f944a
- SHA512
  
  d3fb0653ce229de6f885e7e24ae8fd4ad7de7eaebedbad7e07aff1d08be3b7c95c7133d65b9f72b1b087a634af3ace93e39102c77ded7bc82a1a14e63ab280a7
- SSDEEP
  
  6144:m4fxbbFJLgGo+lkVSuc8gGzBLAcFiR+Kt15f/OSjFiTTVFcXbCdp8o78HfVNNBI9:ZhlkVJcYB0igX5f/mj2Cd6iN53JJA
Score

10^/10

xloader bfhm discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2