xloader

General

Target

8b8939bb5e3ad0c837d2ae0c901564f444570e5670befe5e09c47332cdbb7c25
Size

448KB
Sample

241121-yz1ers1leq
MD5

3817925416ce48dd72a7a233ab523bfb
SHA1

81ef6271a9319024102de6a6eeaa983ab42f80fc
SHA256

8b8939bb5e3ad0c837d2ae0c901564f444570e5670befe5e09c47332cdbb7c25
SHA512

33e21bfca6d69eb2767d8a2ae1e64f4077254fef105a2514123580527caac539b7ff1b8cabf7eff028cc957f7a7adb593a665d6679aec7a1fd0cd265ed0f58f0
SSDEEP

12288:Nvaawj0ugo2TKA1TsVFW6WqVUQuoMv36FAmCs1:NvHTxoMN2GhuE6W4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

md4m

Decoy

thegreenroomak.net

boxingforfitness.info

hynejubelured.com

elektrocentralybenza.online

getinteriorsolution.com

ajctrade.ltd

boytoyporn.com

charlotteetlachocolaterie.fr

martens-suomi.com

colesfax.com

laksmanawarehouse.com

extraordinarymiracle.com

hunttools.info

ofertasdesuvsinfosmex.com

banphimipad.com

jingjiguanchabao.com

keepourassets.com

haveitmore.com

bleuredmedia.com

hsgerontech.com

Targets

- Target
  
  Scan_Doc.exe
- Size
  
  461KB
- MD5
  
  fe8f6ef45a87a9819d6e0ef206ae52dd
- SHA1
  
  1a0528c6e8d7b53ff1769a10d5cf5fa74cff3f06
- SHA256
  
  8c324ae28916d1fa2212f49fd7eebde3606f428d30a122109570070a455a8b21
- SHA512
  
  e1d6375e37dee7ffb0f370d5efb8cd6e121d2f8e208de621685a8bb4772e84deec29ff0e9959459f3d2bd79db1e1cecec9f052e4fa3a3330feae20dc12969b1e
- SSDEEP
  
  12288:7dKErHAyCCQTKAvVsH9W6Q8V6IuoMv56pKcfsF:xKEUZCWNaU1kg6wL
Score

10^/10

xloader md4m discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aapez.dll
- Size
  
  355KB
- MD5
  
  efab3fb0e77806bfa18185bf2f3b8047
- SHA1
  
  d4d56f97e29be2d095baea32ac802ac34d5df8f5
- SHA256
  
  9dc23ec35cbf336e98d2c7c59676d358113ff2340863daf327bc85b1f9fbf4ed
- SHA512
  
  d99f844ece5cc22f11f8da74510fbe547bc20e11167ceed583aeab93877148464c3ad20f71e910dd5be0dcb0703a9900cd2d13d8ff6ba6fe91e29f0bb85019ee
- SSDEEP
  
  6144:VIaABsU0Ln/bSe0pcKSdl+l+Ty129bbPUx9jV0nf6aq:tABt0L/bSnpSdlBi29b09jV86a
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4