xloader

General

Target

a445cdc9d8d2d40a006315b3505af76b234c69f1081d6bb8dba4c48af312597a
Size

311KB
Sample

241121-ywd3cswndw
MD5

fa8db3c2ba659337122b991d70f83ebe
SHA1

620eb8a99e7fc7e3bf52175dfd7c9890cc1cafd0
SHA256

a445cdc9d8d2d40a006315b3505af76b234c69f1081d6bb8dba4c48af312597a
SHA512

7d56fea6ac8313f1b7121ace2c9185e0eacd7167e680d684e37e71002871adb301b63d126047e779acb12262f5df08886ef01523fb8c7ab80e3849b475fc6dd5
SSDEEP

6144:fEm/pqFaveZ/1cvKf25JrS4k0e5pS0AAn1M3qFg2iBCSb4ZigUiu6Vll:ccpq7Pg/5Age5AR3qFCNsiiuSll

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g53s

Decoy

kosnac.com

tujaso.com

handmadealtrimenti.com

txclaimsguy.com

newonedrivedocc.com

11t.xyz

shawnliang.tech

worldigger.com

lesgitar.online

winlanddepot.xyz

mofangxx.store

8ls-world.com

localrelics.com

piccadeliquickup.com

rhinogroup.online

hxrhorend.quest

avtfitness.com

oakabbey.net

presox.com

bluegreendi.com

Targets

- Target
  
  Request For Quotation.exe
- Size
  
  331KB
- MD5
  
  824129b9207a65188202904e49a0c7e2
- SHA1
  
  ed5f3aaaaa71b0f420307b0e056602060747c26e
- SHA256
  
  076951d55cc7d2bb25fe038497044c8743acc25898b7fde670c5da27d1a52cb4
- SHA512
  
  5061824f3bc92b5f4bb8a3d00b9a4f2477a700352ec36bd53c54879eb648259f556830933560164c4c3d27eaa8d8a22dc78fea93cecd3e89d082cedfb7cc2ce5
- SSDEEP
  
  6144:cGDpD9ffUdKRAzuVNJnFPcUJZPyjkZpmJNatj4GldOFZYf7foJRRQ5xB8Sl1gcAN:XDDfCKRyS/FPXFyYuJ0V4Gl1WRWvjJEf
Score

10^/10

xloader g53s discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2