xloader

General

Target

cacb6d35444a261d49962f30f25fa39950bef34049ab6452f58ce80c71d97ed6
Size

368KB
Sample

241121-yydjlswpcv
MD5

0bd5a55a0ed7abbfeac1035408ce5f01
SHA1

b7caa57c4f3ef50e065311531c6afc5d1496e26f
SHA256

cacb6d35444a261d49962f30f25fa39950bef34049ab6452f58ce80c71d97ed6
SHA512

13adca70112e794ec320041d7fcb8a81840e310547886b1e3161836fc2f5737c60d4bf1ba74427b526b4b9836a3d78fa6427768e370a82ff01b26e92fdb5e56a
SSDEEP

6144:ZwWDio4om2Ju0v3RP9CrYnhAze5/cK8KtLils6CwsDpdP3:N+o4om2u0Z9CrYnStK8as2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tod8

Decoy

shabizy5.com

sattaking-delhiborder01.xyz

venetianmountains.com

vertogaastad.quest

zimalek.com

olympiacrownhotel.com

dubbostorage.online

mosescorrea.com

japanroofing.com

mashareq.store

gdetcz.com

slimmersite.com

aplintec.com

878971.com

charlottesbestroofcompany.com

into-mena.com

newlysupply.com

bianncapace.com

netrew.com

anhecapital.com

Targets

- Target
  
  jkdgfjdksjjs.exe
- Size
  
  307KB
- MD5
  
  f8693bc45ac1f9a8acdd9bc061ad3c2e
- SHA1
  
  b988fd20ffd3b96c4e38783d280b3e35b48ccbfb
- SHA256
  
  5ba1c9a3ebf5b288588742abae0a909ac72b081e1d6273e8e7766f81d6ffa5fb
- SHA512
  
  f9361f370f023cc12e3b890a46045d03dbcc0502f5c6ae3a5bdcb44c09e39a020a7db1f76d891a18ab0d819dd9d639d9b3af2ecf377328e17bc94421541b53b3
- SSDEEP
  
  6144:TwWDio4om2Ju0v3RP9CrYnhAze5/cK8KtLils6CwsDpdP3m:r+o4om2u0Z9CrYnStK8as2m
Score

10^/10

xloader tod8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  uzumdnygfv.exe
- Size
  
  116KB
- MD5
  
  259e6385e66fb2fb767d9890621d97d5
- SHA1
  
  4d1f445199912de9b44ceda0fba6a42eaa73c79a
- SHA256
  
  a39611e75ae56a71d3266f2ede64e92ba3fcccca6d626603363d3e8397ed4ed4
- SHA512
  
  fb384a1b6767349e4d01c75b173008b839308b4e8c5c23bc0ceb10384be6af2caee22455b1e317abaa93e83ccd98a9b503997c3a51604ca9002539947511b797
- SSDEEP
  
  1536:icduOHhl2ALPOUofhDccdB+/yaErwz5EXMrZfCmJ+wqojNLE5jAWn9/c8r2523sM:bIQwALPSfOO+3s8KC+w/1E5ZfryLBq
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4