xloader

General

Target

6602dfc6463c1dd74eb915d72b6a2083275106a5ad507667099c1015a1a8a9f8
Size

483KB
Sample

241121-yyrq8swpdw
MD5

690352aef690e6ca49d1fd0517d51c8b
SHA1

c9002e350642b67c4b9bad6aa5d46a778a799635
SHA256

6602dfc6463c1dd74eb915d72b6a2083275106a5ad507667099c1015a1a8a9f8
SHA512

af37af2260e18e8111a45aead792c12ff6e3bd5aedea14a311bf125bece0262ded736c4afa191bc3f0931e35f6936bb18026835b1b28931c23fd64c9915feab5
SSDEEP

12288:nH8cVZ3TsluuBdssAR1Y72le/H7WhYIKWyhDJrsd3:nH8cVlsluuYlrz0/b4YIslJrsd

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

how6

Decoy

wealthcabana.com

fourfortyfourcreations.com

cqqcsy.com

bhwzjd.com

niftyfashionrewards.com

andersongiftemporium.com

smarttradingcoin.com

ilarealty.com

sherrywine.net

fsecg.info

xoti.top

pirosconsulting.com

fundapie.com

bbgm4egda.xyz

legalfortmyers.com

improvizy.com

yxdyhs.com

lucky2balls.com

panelmall.com

davenportkartway.com

Targets

- Target
  
  Purchase Order.exe
- Size
  
  746KB
- MD5
  
  fc644e1753c0f510615c969a037a53df
- SHA1
  
  594cf60d934b1aa008a24608f2aa781238d5bf52
- SHA256
  
  766f746c512714ce38f8d0d43f7a0aba6fee673b77211c11542f5133ff25ead0
- SHA512
  
  0d5ebc07a9614ac71a5189fee599d4ee8b05603ec8eecb06a6c30b723f8173df9b0b096ec2f1ce68d510422089a369b1713f1589600a47877edccfb0417c11df
- SSDEEP
  
  12288:Dj/+raF5JN45uvfRqCdXb6GYkExocVDKl4IVBzI9bH1FCDtWHmawPuvnCuxFn+CO:DjW23J59dXb6zBxocVmP89jq
Score

10^/10

xloader how6 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2