xloader

General

Target

43fbf38d5c513b83310e4e4caf4fde03e99b66f1dec2560d4fe397522a3560dc
Size

643KB
Sample

241121-yyl6ra1khn
MD5

83eb42a9a1843ad730f591fafd892572
SHA1

2e278be5a9b5b530eff78adc04b8253236001d0d
SHA256

43fbf38d5c513b83310e4e4caf4fde03e99b66f1dec2560d4fe397522a3560dc
SHA512

92058668ce06ee96c4c4dccb88634d74916c84a938e018077d99ecda1b8d3619f56b2fa52cbd2942d5dba4dd4874275923dfac458f9b6ed7b2fdf37ab7713848
SSDEEP

12288:qJcRMx+eeyOGqBgc58fbmtDFav9J388hEq+Nm5SaeYYMsEaQgk:/2eyPO3ufVT388hbQm5VqW9gk

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pba2

Decoy

marshabenjamin.com

ipx-tv.com

1826bet.net

free-story-civilizatiom.com

projecteightstudio.com

blaxies3.com

knowyourpharmacy.com

daviddelavariservices.space

hawaiidreamevents.com

chickdeal.net

toko363.com

flextech.design

americanprimativeguitar.com

sourcesfloor.com

project6212.com

eggbeaterhub.xyz

homefittness.com

eigenguard.com

bridgessd.com

wordabbler.com

Targets

- Target
  
  Statement Of Account.bin
- Size
  
  1.3MB
- MD5
  
  c7fd77a7c2474fcb0ec79dd58076344f
- SHA1
  
  0bfb3c863297d46cf93a40ba6ba31b83a0db7cdf
- SHA256
  
  e69fd364919f58fdedd5a970fd5869750afc9ed444fea306b44fd7d27291d53e
- SHA512
  
  5070f929299e00945e7b8e5850469a386384fa3e1059d83d572dbfb566fce633671f2457e37cdf2df4e13a4519239ede5754ed47965f4405ab1ce60921044728
- SSDEEP
  
  24576:oSbkHyXhCh0hJhphVh4hhhAhaT1hf5/N8O31HslT4Hc534hXhAhGO1q:UyXhCh0hJhphVh4hhhAhw/Nl31HsVv5m
Score

10^/10

xloader pba2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2