xloader

General

Target

c2db07ef9eadc24d56effb5858e81f2d7b241a75d0a39d0174fee389b9efb394
Size

285KB
Sample

241121-yx7q3a1kgp
MD5

2eb3feade17b2a72ef7efbe4538a98ae
SHA1

2590a77ec8be30afc42720e3f718d03caa061101
SHA256

c2db07ef9eadc24d56effb5858e81f2d7b241a75d0a39d0174fee389b9efb394
SHA512

615a96e6fc76a56ff9aede8c34145ccd1d2fd6613cb8e30da12dfeb3b929e87a0ecd849d02e5f1d4034b0558ea0c8a2bd246d40f98a614e836e21028eb819b81
SSDEEP

3072:BxdB3382bxkM5aVkZBsxKTakShGscKf06t+ZKnxFDo6g8FXamGR+oLPDvGeR9gZE:Bx/hb1aCjeKRZpx9fLv7gZ/gV

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pout

Decoy

leadergaterealty.com

k7bsz.info

laidjapp1.com

eastcountytaxi.com

betterlife-uae.com

materaiku.com

chanhxebinhthuan-hcm.online

06gjm.xyz

67t.xyz

here-we-meet.com

screened-articletoseetoday.info

lucykg.club

mujdobron.quest

susakhi.com

funtabse.com

unlimitedpain.com

2ed58fwec.xyz

weighttrainingexpert.com

allisonsheillax.com

yektaburgers.com

Targets

- Target
  
  66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d
- Size
  
  357KB
- MD5
  
  b99e10d4eb07e4a986ee92bcf444a7bf
- SHA1
  
  470d703ad9ea51844f0577d917f7167cc032887d
- SHA256
  
  66fd2bc4d1ec466bcd76e50bbc959b9a794e897345e69305e11aa99d0b0d656d
- SHA512
  
  4914d79035dffa9ef00dc79ac756957a3cf686af41e414836ae0500ec1a9c5084cb77b1a2c1f7ff203d77b9f7897f8de3b38c1aadb36c68aa92d5900b18096b0
- SSDEEP
  
  6144:GwvDTzJ2RxyyZkZkMgGpHL9lIXJSto6BYvF1p7a0J8GM9p9MS:JzzZuMgGpheJSesYd1pR8lrR
Score

10^/10

xloader pout discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  nwixhieg.exe
- Size
  
  118KB
- MD5
  
  ac46facd334c7cd106cde9fdf38e965c
- SHA1
  
  daa001174d595132938cfc19c43579cbd4d082ca
- SHA256
  
  c1d018b4850721d1a602b7aa0273ef1e00d962199167f1b09465a47daff31b1b
- SHA512
  
  f546345984e3edb7651737306201e8b5a5d76c4b508170fb998ecb16245846cc3719052390aa47ca2b862bc0bbb5ae4174ec9605f5fb0c91758c4aef4092805e
- SSDEEP
  
  3072:Ua3JqHFiR0yzs5xdhSHaV3cEASRHNrOG:UVHQR0cgxd8Ha8S
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4