xloader

General

Target

f277e98f77e8d53ca0bcd9c0420115414206975f2b3f936c47f12360a3067944
Size

771KB
Sample

241121-yyv4nawpdz
MD5

6fd81b3bd547377b55d6d36999a70158
SHA1

5be90cadf85164641fd6e1ba4c7235f4759b670e
SHA256

f277e98f77e8d53ca0bcd9c0420115414206975f2b3f936c47f12360a3067944
SHA512

409d34321d1276795bec7fd83ed866934312916154444e729c9a1c9660584bf1be0eab6a1a30b18bc6a818341a679ea65d1143c8df7040297a36fbf2560d8dc6
SSDEEP

12288:p2s/bQJXJcwDk9tFicy6+1pw75U3efBj8HIP3B6QxWqjgpbOpanSzONzVI:pnbQpJcmk9D+05un8B3vQ0Ozm

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uisg

Decoy

editions-doc.com

nbchengfei.com

adepojuolaoluwa.com

wereldsewoorden.com

sjstyles.com

indigo-cambodia.com

avrenue.com

decaturwilbert.com

tech-really.com

kimurayoshino.com

melocotonmx.com

njrxmjg.com

amandadoylecoach.com

miniaide.com

kocaeliescortalev.com

ycxshi.com

f4funda.com

126047cp.com

projecteutopia.com

masksforvoting.com

Targets

- Target
  
  a521b489989a9c3e92621174ec90982d6bbf04ddc074eff4feef54c18017418c
- Size
  
  1.6MB
- MD5
  
  0eb57a45752250a02951ac1fd7e79061
- SHA1
  
  c5f35af89e31633b921f81ca037d37bc27a5d189
- SHA256
  
  a521b489989a9c3e92621174ec90982d6bbf04ddc074eff4feef54c18017418c
- SHA512
  
  1854fa87ef160023546d107fe391534ff6947196c4e89bc130619ffca5ad4ea91a6b6007f320de16e286c36ffc149c4e0a3db1cdc93225499c623b44ab329c61
- SSDEEP
  
  24576:phOc1xW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+T:TAiecqBRNT4wgp/anPCfNQuiNB/e
Score

10^/10

discovery xloader uisg loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2