xloader

General

Target

7da29336c4fdb0a6228f89d3518d2c7919124b27e421bf6a532a7455c3dce642
Size

327KB
Sample

241121-zbn79s1qfq
MD5

bc057881eb65abf9ce79c8bf6c30c9b2
SHA1

09c9ae2dfcc896f801687cde4c5a9a88c277c82a
SHA256

7da29336c4fdb0a6228f89d3518d2c7919124b27e421bf6a532a7455c3dce642
SHA512

041220da0be2fed1af40ace438280fb2065a187eed5dc0bb77acc461ee2d50330e77603a96b0914035d7d9080915ead4d0b79cbcf8aadc2e4b0eced32e77c982
SSDEEP

6144:vp1C4XrVDkiuq1k5eIKubsQMZTI1hbnl+fDFXyIZc6487TrqTT4E:vp17rVTuq1aewbWO3Z+ZCID4wcTp

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

quc5

Decoy

writerpilotpublishing.com

journeywands.com

madacambo.com

boreslirealestate.com

drillshear.com

urbanmastic.com

focalbunk.com

ghpgroupinc.xyz

rfgmhnvf.com

241mk.com

mandolinzen.com

thenorthstarbets.com

oggperformancehorses.com

webuywholesalerhouses.com

cinreyyy.com

theyoungwedding.com

neuro-ai-web-ru.digital

zavienniky.xyz

kin-school.com

lowratepersonalloans.com

Targets

- Target
  
  b95b2708e33befda87ea5e9970f51f8fb92741b4ccf59ba6e0e81bca5a10aa1b
- Size
  
  470KB
- MD5
  
  b3dfff5713cd5c14b318b5e8d03f165f
- SHA1
  
  1086c8695b1475bdefced78b602fab5c684e03e6
- SHA256
  
  b95b2708e33befda87ea5e9970f51f8fb92741b4ccf59ba6e0e81bca5a10aa1b
- SHA512
  
  690768d0fe8ec516530df185dd263097ad3657673c21bd3d7547f90b9061443bd650ff88336b162612390705b9364666e4192c081a465d138ad2239489889cbb
- SSDEEP
  
  6144:NwW3I/rWDFjbLMLzAckNiycbOTVnxkPuN/iK0AistrocL2JUzjFdIOha:L3IrWDV6z+cbOjOuxiIVrbL6aJa
Score

10^/10

xloader quc5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ekow.dll
- Size
  
  18KB
- MD5
  
  4255f992dca6609afe2290b6e31d7e7b
- SHA1
  
  462ebc74c1078dc04460d4e0403a8adf74d11adb
- SHA256
  
  f774b50cdcf20dbf9515d6051776e4d7fb7ca4afd2ddb60028d72510f7575a7f
- SHA512
  
  52ab06e60955cd56e0c15fbcb571f0e08ca96038322e87a4938e9701e1f23a1b52b1286f189c92b564cca38e1371ed181c99d2bdee092dabd3341b42304e0006
- SSDEEP
  
  384:fB/Tan2ihl3PCCdfx/0LP0641BdnndIxzY3b81t3QKd+D:fRTanRb6Ep8LUB2zY3betgj
Score

10^/10

xloader quc5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4