xloader

General

Target

1a19b9c49caf3ee9854210702dda640989e1f589a86af8802b42ea85eb837e9e
Size

233KB
Sample

241121-zce1zsxlcx
MD5

713bb6baab577c352cac3195628e5dfb
SHA1

a89e2d526a54580ca84e6fabe50cc1d2581fdb46
SHA256

1a19b9c49caf3ee9854210702dda640989e1f589a86af8802b42ea85eb837e9e
SHA512

b48f167822eae650e353d18cbc2775970730003c0bc1d5116dc109617f015480e5e5be2e5597dc1f948bcc6a523f8d84fafb1a9cac277af542a8d9ee5c353d19
SSDEEP

6144:gG3Z4zn/XFOH4Ai8Hfw9u8qF/9nqPFTArXB5k:obv4y9ubqdTArI

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

s4h4

Decoy

v65mwh.com

ofertasempresariais.com

apoteklowamedika.com

shopblvdhair.com

jtcameraftp.com

vimlark.com

wamodo.com

mistersvisuals.com

copterapps.com

jamesebraxton.com

darmarcasepatentes.com

texasroofrepairpros.com

okaycollective.net

rughouzz.com

dgzhileng.com

markstipsandtoes.com

globalgrowlights.com

thehustleandco.com

fdgrenewables.com

sweetsells.com

Targets

- Target
  
  DC Viet Nam Order list 6-25-21.exe
- Size
  
  264KB
- MD5
  
  e1df9b8f6170bc4241edffd642949901
- SHA1
  
  261767a7e271d39393619109d1310f04dfba5b41
- SHA256
  
  8b225e713429dd95fed7fe2af260d9076d627279fc86d152baedd973f0b72304
- SHA512
  
  ce8101ebf096555be8e6cd02d261ae9a244978e91247291528d4cc49689cf5f1760f54672cfb5dd5648ac0a6c8956011faa4faf2bc63a06bc402cfdc9c74f23a
- SSDEEP
  
  6144:rTqjFeDgN8f9QQbj67yFKvyiUmSw87aplOTCMCNY8r0lkssE3plf:fZg4qQb8FzUmS7ClOTCnJglWE3
Score

10^/10

xloader s4h4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4