xloader

General

Target

95fb48e810c51e4ce990a1143a7081a35cca427a748120612d23a2e25f155e81
Size

486KB
Sample

241121-yyxx9awpd1
MD5

8500e36862516a09453e20856463a8eb
SHA1

d7044d74581c92fef1d52c7ea4393d84e3d56e63
SHA256

95fb48e810c51e4ce990a1143a7081a35cca427a748120612d23a2e25f155e81
SHA512

795ef89414a1d7278d92f22b1ec4dbb93a4dfe557c9ff26763385d00654450596429147da482db1a9a238552927e41675a236fb6923fb8f51ddd4f3fd9b87cea
SSDEEP

12288:vf5PuTvrSLYql76jg+3G65gyEi6jb0Dx1h2I3m:JGDrSUtjt3rvEi6b+r2Im

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uv34

Decoy

lattakia-imbiss.com

helenafinaltouch.com

yogamays.com

habangli.com

embraceblm.com

freeurlsite.com

szxanpet.com

inspirationalsblog.com

calibratefirearms.net

chelseashalza.com

ihdeuruim.com

symbolofsafety.com

albanyhumanesociety.net

exclusiveoffer.bet

888yuntu.com

maraitime.com

caletaexperience.com

dreamlikeliving.com

wolvesmito.club

zbyunjin.com

Targets

- Target
  
  3d376406d5d05f3f353447e17a2f5adab37ea85d72a3a7cefb33549c2a17c19f.bin
- Size
  
  582KB
- MD5
  
  7865e4215d53758ff1d749b26b56142e
- SHA1
  
  506db383bbaa167442c8dba0f0884b745cec8a8b
- SHA256
  
  3d376406d5d05f3f353447e17a2f5adab37ea85d72a3a7cefb33549c2a17c19f
- SHA512
  
  7064e831ebec08befc0ceb06780cf4a2159f6f9267f6e76cb9db1216aa42d84c1f0511ce6a7bf36957e28a9edfd78c7c71f9c947bd24fa610c5e4358f4a138f4
- SSDEEP
  
  12288:mm4R7v3Knn6oJyyInK+EUbwzLjXtBaESLEPalMXY2X51Pljh:ibal4nkUsBB/DkMx7Pljh
Score

10^/10

xloader uv34 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2