xloader

General

Target

ca992e7318046d8edff0446cf68f826d9430538661534130ee16e7f4a60512d4
Size

610KB
Sample

241121-ywmdqs1kbm
MD5

69c4cbb873bf5de884f52b2f469e9b97
SHA1

32249882a89c5777883f43cc333e25f5bb91baa0
SHA256

ca992e7318046d8edff0446cf68f826d9430538661534130ee16e7f4a60512d4
SHA512

e034a1fe6b7bb07196a5c6a6e36b511d2916fd8fe2147232dc267f0ab206faedfea97d06beeea2900fa283920a8bb4370ad5c9e4727d42cdf8e2fc5dfefc4159
SSDEEP

12288:WfiBZkT6zEBC+OIb89fDxf+vl0GT+j51LEn01oQiXfkJBhaU5fTLg+:WLTq0TB+bZETe5FE0svkJBQUBc+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rnn4

Decoy

saruroman.com

backendfurnitureconsulting.com

invitadito.com

aqemelearning.com

unitedphonerepair.com

xn--l6qt3dk7equidt4a.net

us-pride-day.com

refund.homes

gilanfarrconstruction.com

856380691.xyz

aerolabqhd.com

collective36.com

binhminhxanh.club

droogskateboards.com

thinkbest11.com

realisticallywritten.com

elderlyjustification.com

betteraff.net

freeworkpays.com

callistatease.com

Targets

- Target
  
  Order210622.exe
- Size
  
  867KB
- MD5
  
  a95e6cbd5fbab92fe57f838c1ec7b0af
- SHA1
  
  762e8ced25ffd5fc38a614e29505a2de53fe0d05
- SHA256
  
  b3694bb00b983f8e2bee0e39f5b852e0f73c076b860a93b8a63355ae59efb42b
- SHA512
  
  41637da58fd47b6d639393e6dcaf8fb019f06900a6491ae0f3b183426c4c3f98454d02b2c1c32f3282e1de4b26bc8e64bade8e1873a96f78c7ed950dd3058a34
- SSDEEP
  
  12288:6TedFkLhQlFKWFHmkafjGnLvWbHoGD9FA0skac/sDRCSCo/lidgo71Ym:aeBl7HhafEWbHoGD95VfsdCSCoQZx
Score

10^/10

xloader rnn4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2