xloader

General

Target

f17173c42ee2394c24b3ea486e912fedc81659d5c8faa2a1360461a71ffda47a
Size

374KB
Sample

241121-yzqwbs1ldq
MD5

0b18aa7f23e897c6d6557f3e8b7e676a
SHA1

7ceefcc2c6ccab4cf4108ebee0847b45357b72a8
SHA256

f17173c42ee2394c24b3ea486e912fedc81659d5c8faa2a1360461a71ffda47a
SHA512

0ed269ebac3b9623254ea3800b08c8666426386582caa6a3160b84dd53a923e474e9baee0f6347498549c7382ad67f29f170a1c9d0d3735e5e152a2d58379bbb
SSDEEP

6144:TBlL/Pa4ogLeqRqkZ/UrBZbBbBTWyGwH7BeZgcTQogYeC:F9JTVRWzNVBXH77cTog

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uoe8

Decoy

chalance.design

certifiedlaywernj.com

bsbgraphic.com

caeka.com

zagorafinancial.com

cvingenieriacivil.net

mojilifenoosa.com

bucktheherd.net

sparkmonic.com

catherineandwilson.com

cdefenders.com

intersp.net

santoriniimpressivetours.net

arkansaspaymentrelief.com

tewab.com

bjzjgjg.com

michgoliki.com

oallahplease.com

plaisterpress.com

redyroblx.com

Targets

- Target
  
  f17173c42ee2394c24b3ea486e912fedc81659d5c8faa2a1360461a71ffda47a
- Size
  
  374KB
- MD5
  
  0b18aa7f23e897c6d6557f3e8b7e676a
- SHA1
  
  7ceefcc2c6ccab4cf4108ebee0847b45357b72a8
- SHA256
  
  f17173c42ee2394c24b3ea486e912fedc81659d5c8faa2a1360461a71ffda47a
- SHA512
  
  0ed269ebac3b9623254ea3800b08c8666426386582caa6a3160b84dd53a923e474e9baee0f6347498549c7382ad67f29f170a1c9d0d3735e5e152a2d58379bbb
- SSDEEP
  
  6144:TBlL/Pa4ogLeqRqkZ/UrBZbBbBTWyGwH7BeZgcTQogYeC:F9JTVRWzNVBXH77cTog
Score

10^/10

xloader uoe8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4