xloader

General

Target

b12cdef0adc08be1de0fb624ac37dadf55a62014c0d678c86ff68e605a79eaa7
Size

441KB
Sample

241121-yxfycawnhs
MD5

8b97126cd77e9b9dc982bee045131301
SHA1

449d1a3126de8fdbf032ffa235a221befbadf126
SHA256

b12cdef0adc08be1de0fb624ac37dadf55a62014c0d678c86ff68e605a79eaa7
SHA512

f350748ece751d2b77d32053398f42755a3892c6912507d1ba0439db1312155af6bbea7d3401a8576c1ddbd1a548e37e00921b6fd65543f94d40a542865464d3
SSDEEP

12288:a+10sKIE95vj6fNDN6ZBV5LQmnIfC2ZIyzD:a2jKjoNUBfLnIRZIyzD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  ee5ab13a8694e1883f2e4f1509580d2cd01b6041ef78da9e1524f8b4eaee6ed5
- Size
  
  528KB
- MD5
  
  b40a18df64a9b455bae40dba4eee5be1
- SHA1
  
  392938aa8d45fbca0701ddf1a89192e279131689
- SHA256
  
  ee5ab13a8694e1883f2e4f1509580d2cd01b6041ef78da9e1524f8b4eaee6ed5
- SHA512
  
  496344ae1c001546fdeb072da56fb20d999bc0a151ccb0a7fd8e06e5bac06892db9e22eefe84e18920b83b8c4e5cb385c701c72d72d05b3f3e7425f5f98ec878
- SSDEEP
  
  12288:mJZUyWTAtq4cMU/pzP/HHpyvW7f2XQn2a56lMSy1ExctCK:mJZ7jcBRzPxyvDQn2a5
Score

10^/10

xloader ssee discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2