xloader

General

Target

e44cd14fb92931c26ce2b978c737bc889d806cbde2171c729ddf21b79200307f
Size

458KB
Sample

241121-yx4peawpbw
MD5

cbbcbf820dee08db5fb952f4f238f328
SHA1

b198238c35bf9f13ea5eff0755f7c934e5de500e
SHA256

e44cd14fb92931c26ce2b978c737bc889d806cbde2171c729ddf21b79200307f
SHA512

f766078648036f4c6463ead270f96c74e1b51bf98f3f735bd93cc7dca474ab27f2348b990b5619d8d59c5a1eb7bc4e18a16f82a60e849a567d88c6f60406c42c
SSDEEP

12288:QjY/Xgg8Pli0KBNMPO22qxqp8ogFtqeeskCskbM:QjK8Pli0KBNvHp8oNnsMwM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cfb2

Decoy

modafemme.store

adriankazer.com

littlerockgardens.com

peolinkbroker.com

gulfandinlandlimited.com

overseasentry.online

jen4x.com

saltysirenapparel.com

sprintfingers.com

obio-energi.com

auroralunaclothing.com

imafuckingretard.net

finalimpactoutdoors.com

haylcion.com

cybertice.com

nikaluda.com

juliana-nails.online

karbalacanning.com

candouventures.net

solarpanelscapegirardeaumo.com

Targets

- Target
  
  355da352f5a3782b61c87156e127d0ad167a379a7b9a0889574c2a773b55a122
- Size
  
  587KB
- MD5
  
  836defaa62ead456b88f4ff5b376ced5
- SHA1
  
  1806b010ac7de322829d37e147b7f7c39b279c93
- SHA256
  
  355da352f5a3782b61c87156e127d0ad167a379a7b9a0889574c2a773b55a122
- SHA512
  
  ba1f17e025ec6145dfa4eb9a519c96d559a8e6cbb88fedddcafff127f494ee63288da4e0fa1ab353484708127f33e0b30185328bde1ecf5b7c866815b4e0f986
- SSDEEP
  
  12288:x4zlm31gW7Ixgyxb0QwM8YneKC6xH28EK8xr38WH:azlm3KWExgGpwM8YnXFEhp3f
Score

10^/10

xloader cfb2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2