xloader

General

Target

686adabad112edea7ab31c9f97542d3a20e6a83f056cc49e566708355d5b9079
Size

378KB
Sample

241121-yzc98swpe1
MD5

ee7075d1ae67a0fe87624adce0c8ae39
SHA1

181c0d1a6d3c100ac8d700b57f9ca9e82d8d25db
SHA256

686adabad112edea7ab31c9f97542d3a20e6a83f056cc49e566708355d5b9079
SHA512

ecd759d4f6cebb6dbc37913997dc1e3fa5cdcc3b3da721b2d7bd681762b2d6804e5786e5799471ac3fc023a1186041553d246f278e7b48ac2270c0bae7aa0b64
SSDEEP

6144:mvWKE3sMcQQ7skXa1csd3rCYR3wzLmbT37xErPQerNTecbdxCB2U3olEqp9vProz:mvW/cdgkXa1pTwzLKjdEr4sNTecKB2XQ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gm9w

Decoy

steffiemor.com

qe2rvstorage.com

louisteak.com

top-dex2.com

fafeiya.com

saffure.com

1upshopandstuff.com

wemove66.com

deckswap.info

joinjifu.com

joboval.com

stilldeliciousvegan.com

intercunt.com

espaciosterapeutas.com

doglai.com

situationslayer.com

adbreaks.net

cdjy666.com

ap70mm.com

gwh525.xyz

Targets

- Target
  
  #700317000.pdf.exe
- Size
  
  493KB
- MD5
  
  00b8b08c4cb4e862180416e97d5fcde6
- SHA1
  
  2fad1a0c6d35b8d7aaf6cede9e5260339f070a0d
- SHA256
  
  5d229dbbaa8e7f2584502ab1f3fd82c25504a5bb72ff718d32184dce04bcded9
- SHA512
  
  9dc385fe54fa86be6aac85d44b6f30b283655360ea7a3c3bd0a9cd5ab1fdb7b9f23b69abbd7f65cf3a756b848ca55ef9b27dbd956cab8ef9f2b674d91577120f
- SSDEEP
  
  6144:MqQJ3h4FLvCp+hJ11j8tG88R3DI4A0rkQklyId9bvLNnnYuWkULf5dq8+hZFBaai:MT0LvCp+hJ1mGBRzHp4dBNYVkkdqtrF
Score

10^/10

xloader gm9w discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2