xloader

General

Target

f90df1966e0f3f1c5b57a339c792d6f4119c3e558774585aba5e2273380caf75
Size

209KB
Sample

241121-za4xbs1qem
MD5

561ff42a9d334a39e609f25fe6320c75
SHA1

67cd5435c1f3a803f1bc015a018b4db44dab2bfa
SHA256

f90df1966e0f3f1c5b57a339c792d6f4119c3e558774585aba5e2273380caf75
SHA512

58742f8bc8f98d435f8c1dd9d4a41f6b5b73d0cbbc5f9bcb7d55777e049f9b74133776681d0bff04be35c9bc89cf78e9a3f723eeef779574007c5b9b4fd016cc
SSDEEP

3072:RQGqiLbOiVHBk7cTonsdUaXIevJTbvfFYyaPMVLHP9iG9GMvHP+G7auRFARx0+gF:aGqiNVC7cIaXlvh7fWFG9bP+jiEcXMWn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

s4h4

Decoy

v65mwh.com

ofertasempresariais.com

apoteklowamedika.com

shopblvdhair.com

jtcameraftp.com

vimlark.com

wamodo.com

mistersvisuals.com

copterapps.com

jamesebraxton.com

darmarcasepatentes.com

texasroofrepairpros.com

okaycollective.net

rughouzz.com

dgzhileng.com

markstipsandtoes.com

globalgrowlights.com

thehustleandco.com

fdgrenewables.com

sweetsells.com

Targets

- Target
  
  Orden de compra.bin
- Size
  
  240KB
- MD5
  
  79c4bfe2768aa6941fe3dddc7bd48e7d
- SHA1
  
  0f3d391d88a3b174ba33c3c1ef033f6089dbff16
- SHA256
  
  255506cf2f11fd60925729fe567e971eec5718dfff04051deac436d6e83874af
- SHA512
  
  c3e11a706269c476740645272ffac9229affe3e8263279ce9203735aa88916391c09408130e8d63acc7166570f8fe182fca387274151a34fbc315004a9ca4343
- SSDEEP
  
  6144:pBlL/4DgN8cOwmHQihvPJU9cubngctc57kyCwwX:P4gLeL69Vt7wA
Score

10^/10

xloader s4h4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4