xloader

General

Target

17a62f361b0637da62a31177c2e82ab808dccc925bec9f977ecdfd6cd5b5728d
Size

615KB
Sample

241121-yyzf3s1lak
MD5

19488a312122a405c664538f6ab6d832
SHA1

d6e7be3147d6c2c6f5ac21203e89c88060703653
SHA256

17a62f361b0637da62a31177c2e82ab808dccc925bec9f977ecdfd6cd5b5728d
SHA512

543ba4c2e46e650b3a0fbd007887391cb2b14f7a5c70e8d94d4ba1fea7e36f90b83b45cc6d009153a8c699909e9b644d7af3785c76a68a02eb0b9255b879f0ec
SSDEEP

12288:RxX8BoadVFmsiOSzrr17LYoe7YEcOERBMd+kOdpu:j8GagsSNlIYaETm7Oy

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

a7dr

Decoy

thevirginiahighlanders.com

crazybenzi.com

nottruthful.com

happi.info

amjadlighting.com

mlebentv.com

pogrebnolipa.com

907wine.com

programheart.com

jenniferlarmstrong.com

alexjcarpenter.com

rokyslegendou.com

confidenceismine.com

thegeek420.com

hover-lover.com

conversationallawinstitute.com

ssonya.com

woopyyl.com

ebotasymas.com

nysobvakoiijqjs.com

Targets

- Target
  
  BCS_ECS9522019111121380024_1206_952.exe
- Size
  
  1.2MB
- MD5
  
  54e12bb22e93723f1207f9b0c68ce740
- SHA1
  
  c4c2bd10d4e5a21997e1b5a2eec5beccd63759ea
- SHA256
  
  47e832373110163a11b922941cb9a2377c7e44ed290a528073152b0fb1ffef93
- SHA512
  
  d1741eecc9bb3177ce4b115ded4379af5d4898a9088882f130f3a52ecfca5cdefd488316e8076f42c56d5e0c12119b38de28236429b67daaf9262b64af1a5bf3
- SSDEEP
  
  12288:tP6lfqSXnoJQSfo9PwSNGAQI7/OGBbuqPFxeElvzLVMAcfNQBLSi:Rvaj9oSN77/OGMyHlbxxcfNxi
Score

10^/10

xloader a7dr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2