xloader

General

Target

c9021f324797d22940569db1bdc9469709987d3f008c979c52a285f726332260
Size

289KB
Sample

241121-zaebnsxkez
MD5

c9576d426f6471a34e8818799d1c57fc
SHA1

cac97d2a9de6d7bd8a2316e5afea932f3fcf2460
SHA256

c9021f324797d22940569db1bdc9469709987d3f008c979c52a285f726332260
SHA512

4b30d5fa421061ec185d91add4cefbe0b92759d24af3262d9978120a85f59cd865d69f9ef302c5f2e565710016a454162860da006d7c15739d11c86314b7cd2b
SSDEEP

6144:4KnwKTohDGvSDez+NvwBLjyIrh4LMMXCyxmqV4srKpEiqri:4KnH0hDGeez+Jc3l3fYesKyiqe

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wtcv

Decoy

snowwisdom.com

metaverseforecast.com

mbc2digital.net

palmspringsgolfacademy.com

ff4cdhffx.xyz

webdailysports.com

alles-abgedeckt.com

dempseynutrition.com

egicsac.com

nutrioclinic.com

applebroog.industries

trup.club

937451.com

cococutiecosmetics.store

purwojati.com

qeefame.com

wbtqfuck.xyz

huazhansat.com

harada-insatsu.com

thankugreece.com

Targets

- Target
  
  9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae
- Size
  
  378KB
- MD5
  
  5cd3ecc6fce1412c76dac663c0bcf8d0
- SHA1
  
  11b58a9f67d44e8f6410188242aa8a9be5a0890c
- SHA256
  
  9900f17982dbcce4d71a73e9597eef72e047bc31e0fc0b6e1f8a8bb6b31956ae
- SHA512
  
  0c1c822652f82178864df841c4e0dc946c4148a22d00262fe39f64459efd41b5d17987c86d0ac91830a246e89c1bcd39ec5c253bcfb027af3e91551045326463
- SSDEEP
  
  6144:68LxBbme9sRA4OyhLgHPvBsR/SU2TPs5t775BYBqbdzXYnat:MP28hs3oGPgVu8bF+U
Score

10^/10

xloader wtcv discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/jljzzkpi.dll
- Size
  
  16KB
- MD5
  
  2e33ff375eac30535f98a7c72b438c60
- SHA1
  
  180f41f2c881accf775ec93bfd752be043d1b391
- SHA256
  
  d1f5b895b161b27f1451c7dcfd4e73cd76e738e6cfd944692defdd95b57a2ae3
- SHA512
  
  d18492db4786c8df36f09fa474a8d4825d0f192ce05bb36339db6ba9c30df18a1896f348b5df4bcc427e5870e65ed4551ca9032867c6a7966c98ce8874e3d356
- SSDEEP
  
  384:MKrMSejPKmlxZZvDtracQBiXZW97WEbuID:MkMdz/vDteBBiX8kSu
Score

10^/10

xloader wtcv discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4