xloader

General

Target

101efb9c59c3d73c3782be29a664c15c69e86e78398e877cf73332a4d44f86c7
Size

329KB
Sample

241121-yx1mra1kgj
MD5

98f449d6f0f644acaa8fd00c1a033e79
SHA1

e7b782bbacd9e2a0140264b21ec7a68d2a9245be
SHA256

101efb9c59c3d73c3782be29a664c15c69e86e78398e877cf73332a4d44f86c7
SHA512

8f770b14442f2d05c73c5922a8dfe207b0a7f82246931809e0987a31cdf00cfd4203423acdd2bd8d59f8e9c83b34d6f1e7c223b3573bf88ee637b7ecf7b4982b
SSDEEP

6144:BApzAgo3r02v09g8LJI30ER61ix8LeZfrsm20UPNwkszBPPmKwvQniE:4ALQC6g8ddER6I8LemJsNPPmrvQiE

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

d6cd

Decoy

fatmerlion.com

gpo777.com

pacpointfg.com

s3k9r3de.com

jakitrade.com

tmsweets.biz

goodfoodsme.com

teddydefi.com

banahinvestments.com

kuvinziarno.quest

gma-bea10.com

onepotato.xyz

olympusconstructioncompany.com

amvids.info

tmc.wiki

swiftlybliss.com

provopreserve.com

rsvprose.com

staffremotely.com

diversifiedcontractingla.com

Targets

- Target
  
  f7d7da0700921b339807b5977c36fce50742c5ce87f432d357f9d3e8e683785a
- Size
  
  352KB
- MD5
  
  fc7eb63804088472b1cac1ac9fe5d16f
- SHA1
  
  63205c7b5c84296478f1ad7d335aa06b8b7da536
- SHA256
  
  f7d7da0700921b339807b5977c36fce50742c5ce87f432d357f9d3e8e683785a
- SHA512
  
  57c0dcf7689e04e172d4adfdd6295618cb5695034739a4c57d0fd871b864345e54dd05ed5c3475579ff742c947202618c59db0ea351f52521e1cf7622f007734
- SSDEEP
  
  6144:UwxU76BJzteu9g8LJId0ER61it8LeZf5sm22UPLwkkBPPmK4vQniV:JU74eYg8ddER6C8LCKJ6PPmJvQiV
Score

10^/10

xloader d6cd discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ktvrnf.exe
- Size
  
  117KB
- MD5
  
  918b5b3ab8c29f68394eb7017a42aa85
- SHA1
  
  1a783f39a9ed81412bc018a0d54a116bf9de3277
- SHA256
  
  b4e506d84bae993428232dd52683753944461f639b7228639be20000563a96e3
- SHA512
  
  4a50d82e01690f12f6254f31f11db1fe69d40891b84675d4db25b55b90eb58a078ddafbeb125330df7dec31c6d6af752186ba57a05fd9eb5b6592b636885f672
- SSDEEP
  
  1536:9oMraTSjiYFwlvwVC1TsJ66zafChiCLfgOKRy0Ez4w8/GrZc8oA5YfnsWjcd7on:XjFwlvweI8kaZQvKReHXmfIkn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4