xloader

General

Target

ebb7e25c6b96a21019f7c9cf885cbafc5223bb632dc5f8d10db1811830c6859d
Size

281KB
Sample

241121-zcl5as1qhl
MD5

8c72370b8556fbc056f1612c945950c5
SHA1

1b723c27e8db531c300bc99f1858f9f4746a9851
SHA256

ebb7e25c6b96a21019f7c9cf885cbafc5223bb632dc5f8d10db1811830c6859d
SHA512

447fb650f0f82dfc49cd9e0b7c1faf5e7008bdf14f72e0ea0115049de795dfa62bc947c2d63fb51176b21bae54676f5e810f981aa7138d805c02c2b90b3b12c5
SSDEEP

6144:2TC4GQYmyhY6ydzGvzXu2UDOyDKWwDrW12P4v2B/BJ66R6DHY:2tGQYlIhONWwDrWsg2JBFR6DHY

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

- Target
  
  b7cf8d9d8db4c5eaf796d35251bfc2b24f34c2c77d2ca82a1ebf470323c0894f
- Size
  
  292KB
- MD5
  
  be6ece1b6510c986870d8ceabb87988b
- SHA1
  
  63795ce8b9c7fd5ec3374e3e012b3898a8695f53
- SHA256
  
  b7cf8d9d8db4c5eaf796d35251bfc2b24f34c2c77d2ca82a1ebf470323c0894f
- SHA512
  
  c7296be4cf5c14ada776312ceeedd29b52b6e4e228e6f1453e5485571099f6c517e90c6f33b88835b51130056bca6d2401d1bd6aed7e0b9d590d3b7b2c60a334
- SSDEEP
  
  6144:oweQYmMhY6ydhGhzXu2UDOyDSWwDrW12P4v2B/Bd66R6DWV:6QYNILOzWwDrWsg2JBxR6DWV
Score

10^/10

xloader p2a5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  cznfe.exe
- Size
  
  120KB
- MD5
  
  3464aade4cb916d733fdd606c3d70165
- SHA1
  
  0c47d2c2d6a12cb78275f0d9b3190b1aad04805b
- SHA256
  
  a1b617196797fb690647c6f4f0329be8087bdaf222bdbe8bcd762ebb619e5ad2
- SHA512
  
  a4c01810521414aa8ca7757fae35f8710f37d109360d240483063dd22db3e94e32cf9819022e4e1d7b3ee7845fa635bd9417645beb99b400bf3f8e93cafbfbeb
- SSDEEP
  
  1536:IfWkvZXO/xInkKwbKL8z7ekV0uBNb9QXCLo1QJ//SivVjSoFiALGbJMc84sWjcd1:2vZXkQ5GoI9yco1Qp/7eanNgI
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4