xloader

General

Target

ae8f63669d02e71c232ea701f686483d03abc2914e47ed2629a0861d7d927e41
Size

302KB
Sample

241121-yzsd6a1lej
MD5

2ccfac5fb3a122b0e41dd81bb23f2a6d
SHA1

4c94214f2c77acd609b53650cfd8167b88786b44
SHA256

ae8f63669d02e71c232ea701f686483d03abc2914e47ed2629a0861d7d927e41
SHA512

87f4dfc420aad0b550a36bdf03b1b07399829234758f247b41a408c4599b6466e9ccd98302f848d360091f0e7dca5e31773854b2d5ab69c40a7450e1707941be
SSDEEP

6144:QjvdX8kaLfzK5rgKv8Oan4+C09VyOmfbPZt/2220IZIzC3iYbYu:0vKtzKVtuflmTBd2gI+23hbD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ciaz

Decoy

jobgeist.com

pxwss.com

nathanaeljeffrey.xyz

rhoypl.biz

avachaturbate.com

xvideopornfilm.com

heser.net

olphschoolcrabfeed.com

ballygallycastle.com

attunetouchandglow.com

wwwswanciitaphotography.com

inspinevision.com

ebabadofood.com

glenngreerforlyman.com

stickojfni.online

cursophpbr.xyz

thefindommistress.com

8c9myn92dzep.biz

alexamedia.art

rarerp.com

Targets

- Target
  
  79e8144ee4e2e97695849928e162288fc282de48ff4caea48314f9cb56477917
- Size
  
  313KB
- MD5
  
  da75710d466d2544bc8f4442b1ce57eb
- SHA1
  
  8356ff061e4864bfe114fb9e65bed20c267c78e3
- SHA256
  
  79e8144ee4e2e97695849928e162288fc282de48ff4caea48314f9cb56477917
- SHA512
  
  6d5c8f28f60bd494cade7bf4324c3309ac29a421202dae3494b8118ade429560e4062a2c83bacbfea46c63fe173bc04ffc299b8dcd2f611d67c45e7cf2c22695
- SSDEEP
  
  6144:TxD3m22lVTV6BSLia0bfMUB8uEqLjLQ7LYAbesH/pAK+eRBYBD:Vm246BSLTkfN8ubLj4Uy/pAKaD
Score

10^/10

xloader ciaz discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  yjpsyjwo.exe
- Size
  
  168KB
- MD5
  
  c55e114aae523179f507d32858962fe4
- SHA1
  
  3a35f75de10123d4b438d7be88c6bae7087a9a74
- SHA256
  
  445868ae39772e2a65c0e927d6a98d240d93c8515d57837b95c17304ea0dd693
- SHA512
  
  3900a645770ed43ab18de621f85f83588efe9fafee732277ee26e361dc417560a0aacea392d7975634e16f250734dea1f15c8aa26fb8b80c31bec1833da9044c
- SSDEEP
  
  3072:Hc4Horf5X/n8eXZHTFGAfU7VKXHGHggY/dFUhqZJ:H3y1/n8YpDCVKXHGAr
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4