xloader

General

Target

67ae49e2bb69e9d039f1e9e31543ed77e871faeaa339cfdc5ddf1c393e56d931
Size

206KB
Sample

241121-yykmxswpcz
MD5

b75b15b691172ec838fb0bfd95bef2b1
SHA1

6fb9979af102ddd256e451347f5da77bcf4664cb
SHA256

67ae49e2bb69e9d039f1e9e31543ed77e871faeaa339cfdc5ddf1c393e56d931
SHA512

443d299a825ace9a2c1e60ed90848efd415f338387e8f8849034cbd3c1de797e69bd026a651791a30965db82ce4136b83a5bf6b577ec9ce12810d4189705b4b2
SSDEEP

6144:6dpoJlhnRFBQKB8wuMr2qbM7ChRA5Q+g24F0KB:6YhnDyK6I19SgrtB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

dp3a

Decoy

frayl.com

utmostroofing.com

galactigames.com

kingguardgroup.com

goldinsacks.com

platinumcreditrepair.net

sw-advisers.com

ininjawebtech.com

spectrurnvisionpartners.com

freshdeliciousberryfarm.com

12796.xyz

goldgrandpa.com

chicago-trading.academy

newstechealth.com

pecon.pro

2dmaxximumrecords.com

athrivingthirtysomething.com

universalphonemarket.com

motivationinterviewsinc.com

virtualrealty.tours

Targets

- Target
  
  Proforma Invoice and Bank swift-REG.PI-0086547654.bin
- Size
  
  218KB
- MD5
  
  b148ae414eb8a1b34a15cdb32c21f9ee
- SHA1
  
  25b78f76010cc34843352c78d4f8e07a28b46b32
- SHA256
  
  193788545c12c697fe660e9dd178e5d97478d5b90d5b0096f1cd6a9b641d48e9
- SHA512
  
  9f6efbfdd1ab7bed6e0efcff882fd05816c0cbb6b413abce562f1ab6c8adbfa2d86610299be8d399ba36a305b64cadc762806eaa4c647d9b04fd457ec1537d0a
- SSDEEP
  
  6144:Ds9G4RsUIfpwRmZfqJxbx3jjTQeGYWAaE:yG45IfpTIxV3jHQeGYn
Score

10^/10

xloader dp3a discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4