xloader

General

Target

35e45ba4f3e402b6fb56c741b3a12bdeab91b4f76275700d5202319657bf0815
Size

362KB
Sample

241121-zc5xeaxlfs
MD5

3575ab32235718ed25bfd465fb54961c
SHA1

226a90fece6ef68df77df8479654d63e1f40e843
SHA256

35e45ba4f3e402b6fb56c741b3a12bdeab91b4f76275700d5202319657bf0815
SHA512

65ec2090206a9d7604ed5d8fe494f20fcca608a7bbc622f89e723436803970105024b6347ee0e2fa5681f9543ee29dbbfcd520f8fefcf57f2d892f1bb8161859
SSDEEP

6144:hNJso2Qg4wlO5PurKa6/ENOMoqypVcDBUSDin3tDhqv2Co9e3ZHIqhCH5Hk99Qg5:hNqpLg2rx6/ENOMzKcDq13tMeHeNIjZY

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

xfts

Decoy

dailiesplatform.com

krlanka.com

koms.info

chesslearner.com

softwarefully.com

yogiplayground.com

learhee.com

faithbook.info

pepperrefo.com

kratochvil-elektro.com

artbyg2.com

123-e.com

levelupyourbody.info

ecommercebusinessowner.com

floraseriestrilogy.com

sdyykt.com

swchof.com

huaxinhui.tech

sems-iress2016.com

vasudhalibrary.com

Targets

- Target
  
  ab.bin
- Size
  
  438KB
- MD5
  
  ec5f47fe4a35107c14c9837b1737e7d9
- SHA1
  
  fd6070cd7662568cfc1e9f6451cd4a30f866b62e
- SHA256
  
  97710e37b088b72c870ceb2a4c03a04625f800a83549ed4537dc64893fc33587
- SHA512
  
  efb918a8368689df3aa259939a7208febd12ec26f928a0d452fd39dd06a5dec3a6e9265de2acaa49a9092ad6da8c18d30292637f870d14bdbec4e547f2d42337
- SSDEEP
  
  6144:ttVixIMpYEEsD5S5OMykMS4vk2VuKDMP9N1bIyu0TFxYVYQXV4bfxZpHVWKl5azI:fhE7DUmvRSIyuEFxISZZpHVWKrazcl9
Score

10^/10

xloader xfts discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2