xloader

General

Target

39df7b98ddb03dd2a5f3f0a9745ecabb033f8d710abbc65135a6d4df865e96ee
Size

576KB
Sample

241121-zbcjgaxkhz
MD5

8a35d9f52b46f3b1d4042982a3a5decf
SHA1

856e23b8ce8d93b2f35416c69a54172ed3b51448
SHA256

39df7b98ddb03dd2a5f3f0a9745ecabb033f8d710abbc65135a6d4df865e96ee
SHA512

89ba38a9749dc797e71bace877c405ac976e5dcf6ad9b26546681754852bbd8961567f893ce70aebe1ef2057aec023e0ee42b88b1529a745fe8c9f0c889be409
SSDEEP

12288:XJmADnfdbzkDzQw5t7RzBIXbMmHSAVt9EQc5XpcfGJv3WQ:X1f6DbzB8MrAVbXmpqA3WQ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

g3ws

Decoy

lashandragrey.com

rickster.tech

mfengnews.com

ignatovi.com

munjashoong.com

oplexxburn.com

freaner.agency

finetaxmultiservice.com

sydneyelectroservices.com

puma-factoryoutlet.com

kakaomobility-recruit.com

tombitz.com

kekenapeps.com

claudchat.com

hondenpaleis.com

hyswkimjisoo.xyz

ralphlaurenoutlet.us

cargonodeseado.xyz

virtualassistantsteam.com

mamaduduprints.com

Targets

- Target
  
  OUTSTANDING SOA PDF.bin
- Size
  
  701KB
- MD5
  
  52034976e1fbea4f25050737b949ebca
- SHA1
  
  59fa258b62f43df44fd131684f11fe090e905159
- SHA256
  
  54959487d80d695894f408175af28cef3993a495f67c9e5ad98d30a355110cfe
- SHA512
  
  978cdf9778892d77ce7ed5cf80ca5c454e02fc55f52d32e35a3c2f6bc96280c16f611ef7178cc11d17262180aa4830a018affe24bac3c10f9cbb93dbe78c04fb
- SSDEEP
  
  12288:zJCS4+09q5p4YHZoAN7/5ZTnvqWs2Cd8eYRcJ6/:1CS4+06ikZN/PvqWsN+5+c
Score

10^/10

xloader g3ws discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2