xloader

General

Target

1524c77791d2167c07ff0a63cd3aa0cc2b069939994d4e0bd5c0eebcb8b2934f
Size

334KB
Sample

241121-za7yzsxkht
MD5

b38872cf2288bf185e368fcfa42d65fe
SHA1

e6722a46460b8588f7d7ba52098c2d880ca78ece
SHA256

1524c77791d2167c07ff0a63cd3aa0cc2b069939994d4e0bd5c0eebcb8b2934f
SHA512

487bd3d398886be5d555dff076675a6eb901db0c3e3fbe45947424029845cf11f377a48dbde4909f32d7b815e6cdadb59a8f302e3e5285b2d8f8749e418ad2d5
SSDEEP

6144:fha4MXa4CEFBf7ZBdSenoeOE0JVwDdxT72rI9wUK+Yfrx55f5imQmF7bK5QGY4bq:fha3Xa4HBf9B8enoeBoOvLafVnhG4Ka9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ze2k

Decoy

thesisibrush.com

triligence.com

chestnutsquare.net

primojavera.quest

topspeed-logistics.com

28684jy.com

spacesolo.com

paramusrealtor.com

designercandleco.com

profit-fx.com

medicosconnect.ltd

skylergray.net

prolaint.net

mvptcodesupport.com

empoweredsolutions.info

myhoja.com

cqueensbakery.com

thenorthfacesold.online

arttonft.net

angelaporterward.com

Targets

- Target
  
  purchase inquiry/purchase inquiry.exe
- Size
  
  478KB
- MD5
  
  7b609be1e4a80e64255bae244ccbd7d9
- SHA1
  
  7fdafd903951c4d001c4ee166a56e84ab521b148
- SHA256
  
  a502d5124ce1a2f6cf2b1daba71b936c4ef0c0b876a59393309311af4530b2a3
- SHA512
  
  0923ed7453eae902e7cc7cca6e33cfa7353c1c9115cf5de0022b519c645bdb77bc7fa09d2a63d29f63719d6257f29b9cbadbf2de833831063bff8e4c486d4125
- SSDEEP
  
  6144:qGiVg8tb1jW/xx8gTnEc8LTMVQc+W2X9sAgxHrK431F86YmhvTOMC4xx+hsl:ktBsAQEcMT9s2X9qE0FyCx+Gl
Score

10^/10

xloader ze2k discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/kqzumo.dll
- Size
  
  113KB
- MD5
  
  308631a500f8d984dee36b054ed45c1d
- SHA1
  
  aea27d0fa8574d6dd40fdd8525a08083ae2dbda2
- SHA256
  
  af3b4ee5be463951c6c7c2dfd2303391f42c64bd54b74fbbfd89db54e35023c7
- SHA512
  
  5e72932cf8e46163e9f9185c3d66f9776a0edcf853bad8963efdbe63ed0c8c5f7ec3c990abfec54c5bb79cbdbfe469fd6598b2c37c1598433ca2f7faf2bb7f2a
- SSDEEP
  
  1536:h56DCBCNgSu+xDIO4nHrmpdSH6SC4+Lmcf1+X7msu0QUrst2dihZcquyX2HsWjcp:hSgSuq8OcHrmO84+LmQM7RZRdKn2o59
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4