xloader

General

Target

3abc1fe95d566420c125be90f7ac29c3f9e59876cd046c99973a5241f8ee98ad
Size

273KB
Sample

241121-yxwc2awpbs
MD5

0c60e63f4ac8e9fc6bf81836ad94d78b
SHA1

471d497283f3525eb3c8faffcdbd86226663fa7e
SHA256

3abc1fe95d566420c125be90f7ac29c3f9e59876cd046c99973a5241f8ee98ad
SHA512

7d1c1aa9e7a1e3d9c79f4198b24676ba9a8884ccc32ec9d4a59c19b18674d9cdba98ab5cdb134a70c4214b6d561b13683a90700ad4d02e89fa589f3fa60be6fb
SSDEEP

6144:frUu2U5l2f1tXVlfPxraRsrVe3VVrkuAAr6d2rP9gXd01JOt:frUu2U5l8vnBaCrVe3VVU2Ott

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tk66

Decoy

builditatlanta.com

nkrevolution.online

mgm-photography.com

g5tgbt5pro.club

lvjia.store

dealsmyweb.com

edgyveggie.biz

thereview.community

drkittipat.com

noordinaryadvice.com

radiakeep.com

hughers3.com

jewerylsh.com

willpowerleggings.com

wmxldn.top

haberinolsunmilas.com

deltamtrading.com

thegaragecloset.com

wolffsurf.com

vbitleader.com

Targets

- Target
  
  Remittance_Advice.exe
- Size
  
  379KB
- MD5
  
  da19ef06a39a0b1594d3b6239b5ef1ec
- SHA1
  
  8fefee7414e25411b6f0fd2eb66c1b7380c83c2a
- SHA256
  
  7f9f8cc38a55f713a4d06144cf9e9ebb7967d77aa7ed51aef8aebe70e374c489
- SHA512
  
  465f311067c27c87970df0bb5a315f2ae48646578567af10d7622ca756413b9392faa0b47bbfeedc66b9720b84d72b1273914e2a377f02915a7697677189ece8
- SSDEEP
  
  6144:MVUNLTYOapBpxKqWDaAE59TfGBw+MeYBVK0ilLlRdLvN34Q8a6:MVUVjapBpFWS9qBw+Mbk0ilLlrFca
Score

10^/10

xloader tk66 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2