xloader

General

Target

24eeb3498aa21bb6c8f59eb4145892470d6fce8c5b6ed226c19ee625b8eb0114
Size

822KB
Sample

241121-yzmhxawpgt
MD5

35b5c7d43599d095d983de1335d99269
SHA1

d6e164eef87b5add8bbe3c06d087645c4c908598
SHA256

24eeb3498aa21bb6c8f59eb4145892470d6fce8c5b6ed226c19ee625b8eb0114
SHA512

c9e9c100a2d6d7983ba3e2b5c7467f97767f423acc2b37f90f0c833a5388eef1f16cb272021d96f0fbcb232e8b8764cc9e15dd321956e67815427a4484ed8156
SSDEEP

24576:ZP3TPHndR6I/9mWBUP3TPHndR6I/9mWB4:B7ndR6KwWB27ndR6KwWB4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m3ci

Decoy

424964.com

ocean-breath-retreat.com

icidedansdehors.art

wrochtthurl.quest

6455gfg.top

dgfipmailservice.online

banjofarmenica.com

dkcazin.com

jobs-fp.com

karens-kornerr.com

parmaesq.com

nuevochile.net

inputsquad.com

consultacedula-sep.digital

taogoubao.net

gimmesolar.com

bluelacedefense.com

grandagent.club

warqatalzawaj.com

getvirbelanow.com

Targets

- Target
  
  Pump Parts & Stainless Steel.exe
- Size
  
  540KB
- MD5
  
  e0213cf3bd4ca9cfd094272ed98c37a6
- SHA1
  
  704402640a854c50d4a787155d4eba19829106c9
- SHA256
  
  9e94ea964630e088c92a9caf37bbf4e9716e9490142e58f3ba84042b02461021
- SHA512
  
  e52494a23e98c19c23c18c025de804426464101d436b6ba66b096112bc8c06ff86baed2d3164688f15299edf2c4a5351b12475e70f7cde851d7b9006e8913e86
- SSDEEP
  
  12288:YhAgAIs25v5+Yzr9KtMsIUFVhwsAsK4POYiUmjclhVkOHdSMV/8pS:Y15lzr9F3UjKZsK49+4
Score

10^/10

xloader m3ci discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2