xloader

General

Target

2967a67f9ead3a55e0c1540d2b6e3c2b88050593c0cca64f1ad4f01344d20590
Size

618KB
Sample

241121-yyasqawpb1
MD5

2d88ef2b8634ac1442702d35588a5f6d
SHA1

a3c170f467e37323a7f1596b176e61c9f54bb3b3
SHA256

2967a67f9ead3a55e0c1540d2b6e3c2b88050593c0cca64f1ad4f01344d20590
SHA512

54517339399d69ce4a85d5ac67c6c0fa90b954997524b988b2fbd08175c686dcd85a021e155b06d71ef79153bc2ba08912ad78d7e77698d1cd59c0504149ecd5
SSDEEP

12288:fx7QdOdDNsJD+6yP+XuCf+kTZLMhhf4IlonWNUZKb6Kgnt4ENNi:Zg+Uf+7f4IloWWKbIje

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

- Target
  
  1013981e9742f0debfe503dcb812e5f87990eecdb7d2857c233652a8a3acafff
- Size
  
  636KB
- MD5
  
  af331c3c0907af5282c00443536b22c7
- SHA1
  
  ed908b4ad857a61bc9aa84bf8d53df894ee7bd5d
- SHA256
  
  1013981e9742f0debfe503dcb812e5f87990eecdb7d2857c233652a8a3acafff
- SHA512
  
  f00f1eb4df01061dd1bfec6c6df3e509359aa4a5acea5c91f5b9cd41e4bbf218d46a43b25d00922f86d1bbe99d090622e042cea1ce2184bd75d6f47b14fc7423
- SSDEEP
  
  12288:jXe9PPlowWX0t6mOQwg1Qd15CcYk0We11Z6SBlWJ1bGo+QTIXZ0+PBBVb:KhloDX0XOf4NARGojTIXu+PzVb
Score

10^/10

xloader p086 discovery loader rat upx
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

AutoIT Executable

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2