xloader

General

Target

e98d79940b2938bf67e5634799e270a3baf36927c57db389ea6599f40f7723b4
Size

201KB
Sample

241121-zbqfbsxlay
MD5

dadc7f2b1364e4e03a3ec0fb719b6e64
SHA1

a36619e8229eba0b790ac7d9949657ccf8e53394
SHA256

e98d79940b2938bf67e5634799e270a3baf36927c57db389ea6599f40f7723b4
SHA512

a3d39fdd0c1359a926badf8e6565dd66e15d13cb2908f1bd19765022344bdcbaa3c8a26eebbf651357ac88da68852b9ad5e8e1e85ecd4efe2379cb863d786426
SSDEEP

3072:9REaFObGo0zj1wj4o0DZvlNb17SCzu2z578vbbcpnQ29WgYQj0K:rEaMb6Csowvlf3NyX2n19W2jh

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nvj9

Decoy

xn--zueo-iqa.com

bjpowervision.com

immobilieraoujda.com

hurylaw.com

gvpdbtgjta.com

tvboxsmart.com

jarraprints.com

12391.xyz

mashangjianyun.com

jemadarehe.com

domineseutempo.com

awakeningwithautism.com

wuyuejs.com

boldbeecreations.com

avanseuscan1.com

mazandfootball.com

darkblue3-e3.xyz

miacebuche.com

luxenap.com

homeisliving.com

Targets

- Target
  
  SKM_4050210326102400 jpg.scr
- Size
  
  214KB
- MD5
  
  5dc5f2545bfd91c046ea5ea030147c93
- SHA1
  
  118ea38bcfdd48e38acd33e68f536012f2a9e71e
- SHA256
  
  257432b5ffbd5ae253f6be351f71f968d407f15e7f5ea78d7b613c7d663eba9c
- SHA512
  
  3da13538b130761c21847d5df144aafa83fd1e0ac9f9957421ea81d99092579fa1e73dcca6305edc5f220f38de18b747af6aaa24f1d9863da89cbfae58c89402
- SSDEEP
  
  6144:cQqeRseZ3O7WdUH2RIe5vt4x3oDmeVqRIxXP4Wyt:PRsepO7SC2SeNmloDmROxg7
Score

10^/10

xloader nvj9 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4