xloader

General

Target

781ce425460a0a8bd9fdaf68224ca4b8b3f6fdfab953f693367561fd7b76b13c
Size

742KB
Sample

241121-zbk6ls1qfm
MD5

8e22f095252254acad668bcce4f72b1c
SHA1

29a2b17c3548c7a628ed0eee7474c0957f75a84a
SHA256

781ce425460a0a8bd9fdaf68224ca4b8b3f6fdfab953f693367561fd7b76b13c
SHA512

4af84a111e90c3ee3af4f4823794366bd7c937d17735102e6ea1cf712e7a5f0842c0edc4845c0e3b613541c5645dc233c62b8ee929b3bacced5ffb88f10fd821
SSDEEP

12288:EEv0JtaLcdT6prk3+pMfNF5H3GNmP4tmAXloLMybElC+gsIgIKMCXU9MTBD:ENagdWRkOu12NmvAhlYOXUOTBD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

witq

Decoy

cryptohavenpro.com

zildan.com

buyexcessinventory.com

telecluber.com

whhsdzyl.com

regionalkistel.com

ksusalinabookstore.com

firsttimergears.com

rzpsca.com

sakura-syoukai-t.com

zgvmeiti.com

99000444.com

kerisjatifurniture.com

photoparty.pro

monarchinvestiment.com

hkgjtrade.com

catholicsinglestv.com

nvtdigital.com

mariimportados.com

01mpt.xyz

Targets

- Target
  
  RFI von Aeris Impulsmoebel _RFI-9090.bin
- Size
  
  769KB
- MD5
  
  ad35195080aaf247005d6ecab3f8db72
- SHA1
  
  1d4368b26588323743b5de77995260b2a08d3eab
- SHA256
  
  895f390d56ade378e72f343465d78ed3f3f98ab04a3fb3e2e2616184e566b6c5
- SHA512
  
  4f8deae3bb1f2c3253583cfb932a545097913aab555b498afc4225a5361d76ea2a704f4fecfcde8d44c0d79129d530d06211a974008ffaba372e738ec1b2215a
- SSDEEP
  
  24576:ckygsXzLhX0ab8kLDnyQCjVBW6Ymh6WPa:MFXXV0ab8kXnyQCjrRYg6W
Score

10^/10

xloader witq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2