xloader

General

Target

751c188a6867f7e56cd158413f41043fc6bab96b66c241d8b58d60e3222a19cc
Size

291KB
Sample

241121-yyfc7swpcw
MD5

54c8df7174f3f53b469fef0c0df0dad5
SHA1

388ddc57017fcdce43877948d3ed29797e61360a
SHA256

751c188a6867f7e56cd158413f41043fc6bab96b66c241d8b58d60e3222a19cc
SHA512

2ef8489de63d559c365b2d349c3c7067a09bbce8f071f70a8b52972a89231adc52d70a60d6f7fd916f1f0bf786c4dcb586acf9208717c142c9afbcb8647ab403
SSDEEP

6144:hvSVf19SN+ndRXOx4UmPlXpdtriKxVTJB:hvyfHSNqxOxSvfiKlB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

d5tt

Decoy

air-bas.com

index1.one

liceist.com

racuch.com

slav-net.store

mermadekusse.store

tccaponline.online

thetalkzone.com

victoriajayde.com

wellbosoft.com

supericehockey.pro

empiredigitalweednews.com

veloci-cloud.com

all-blocks.com

malagainvestments.com

wildgiantelephant.online

surveyplatform.net

missinggate.com

cnonwovens.net

winecountryexcursions.store

Targets

- Target
  
  6e06b764495fc246c57c604363ccc21db72c8a4776660b852ee000cbe6a488a4
- Size
  
  452KB
- MD5
  
  8b78f9912230e0a212d3ff7f01db8f42
- SHA1
  
  efcde05431279abfe282e869ccfa53b1f6d32688
- SHA256
  
  6e06b764495fc246c57c604363ccc21db72c8a4776660b852ee000cbe6a488a4
- SHA512
  
  d19c1f572e47d84d6d9b439ec4d29197324d603c96825a87a2d28f07da6fbf842a0e05766b3e37e0ef34dec19fd7bc89651788bc43efae29cfd7750e603da8fe
- SSDEEP
  
  12288:PmHnAOmmeOwjvpFVHfYtdsvaTjwrej1I9Lu:PmHnAOogAvdeWBu
Score

10^/10

xloader d5tt discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nbcnvvhhow.dll
- Size
  
  20KB
- MD5
  
  967aaecddf0e31f0de8582942a26d086
- SHA1
  
  1ca5be0f614bb4db3608dfc0f549e5cf83442164
- SHA256
  
  de93a37794cf18a166c2a36646997ab128da7cd6b5b540f6f596de537bcde8ef
- SHA512
  
  bfd279d0ceea9f5e70466977989d89cf2885eca8713c63885ad2cac32e3030eb87a3237c71191448f6c026222a3bfb61a47944b2fd548f393bcc1a4313191a66
- SSDEEP
  
  384:QAMYwn4GqWlh1i9E8LB2T35YjzYDYp0fRBtsoudoq0rH+eNyp:QArwnskhU6tTuYkpoudoPty
Score

10^/10

xloader d5tt discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4