xloader

General

Target

3df785fda4cd77f1d06645e42406b31bd766b8149d1a608974a99296a31063c0
Size

251KB
Sample

241121-yzlava1ldl
MD5

0450cbd981c4e6c5ea52268e72a3a491
SHA1

ef783015b17958e8af670c5f4de0c94fe56fb52c
SHA256

3df785fda4cd77f1d06645e42406b31bd766b8149d1a608974a99296a31063c0
SHA512

a21d8e8aeabc986dcd43475a1a534b5388a310992c70c5f0fb5722cd77e5b8cc760f9025169f763b50144e737cea8ba339c0c909df78edabfd706086158e8576
SSDEEP

6144:JFxQvDpIw/HvWcpBJmaHbaVKVN7BnpF1PNzzV:rQVBYgcKPJpXdV

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

di4c

Decoy

oscd.store

simplyminiatures.com

famouslovebackbaba.com

turkesteronesupplement.com

most-attractive.com

le-thermoplongeur.com

joydeb.xyz

incomepanther.com

infoterkiinii.xyz

indigocard.website

plasthecnolgy.com

canmamap.com

aviationtrainingworldusa.com

successoffplan.com

desert-breeze.com

nilavarna.com

stanthonyswelfare.com

shezefy.com

shcq08.xyz

spencerpauley.com

Targets

- Target
  
  Inv.80967568.Scan.pdf.....exe
- Size
  
  321KB
- MD5
  
  0fdcc8266884dd687604486514c6634c
- SHA1
  
  afdabfb1c31580bbda9a1722e6e0839bd32df3f9
- SHA256
  
  e4447b89d65251cb238f02c538cf01488628c61ac709f195535feec8e18ec9e3
- SHA512
  
  1e08f28e87c26a13645b23f4d0ca209feeaa252357bf9a294556771c24bd261e627bde1603d0947d7aed2de0b366c27eb520527b978e0fd2cafc0ea9016ac023
- SSDEEP
  
  6144:18LxBz9FLFYq1kvN/o7QFPRVbaVmVP7BlpFFxNwzR:49FLFd1ktoMFPcmFLpjiR
Score

10^/10

xloader di4c discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/blgyqihyvgd.dll
- Size
  
  17KB
- MD5
  
  aff7a15a068a40996bbec6d2f8fe510a
- SHA1
  
  c05a992dc17306bb507bfa0b5e4d68edd8809c99
- SHA256
  
  86ec7cf90bd0ca677b897807c5391958e539890822e607a5087035308e527f64
- SHA512
  
  cda72fff7af615df8a5f407ddde60c013ccb0816a30a32673eefa8973101f87039b95e466078b764298c3890cdbfe6b02dc65a7b7bff3ab81514507bccf139bd
- SSDEEP
  
  192:YS4GE+5mkk5ZEZjRw2V+HU9bicYp5jRpJN6pKqizHGaPTS2+Qqx316UI14:YTGaZ5Zu9V99GpRX6JiLlTSBQN
Score

10^/10

xloader di4c discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4