xloader

General

Target

923a3c45ee78a4f7354e94eba65cfb6ddd5cf19c50391bc4d95efa0dfff7f526
Size

206KB
Sample

241121-zcnm5axldv
MD5

a939c79ac4e8e8a0d5f6b9ab07dc5c44
SHA1

50b6796927d4df686719184c0f714e6ef8bdb339
SHA256

923a3c45ee78a4f7354e94eba65cfb6ddd5cf19c50391bc4d95efa0dfff7f526
SHA512

093d5f46cd5c3002450a951bd1514919684c471ab3461e89b4d5b1f70bf068baaa43d6aebad11e56e0c504f1486a66922f3666868f9126533bc67d87e85e5132
SSDEEP

6144:g7CsTaa9tB4GlHXFBIH9lHEeueDHdAcJNP:sCs+QqOFuH9lHEeF9XzP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

dp3a

Decoy

frayl.com

utmostroofing.com

galactigames.com

kingguardgroup.com

goldinsacks.com

platinumcreditrepair.net

sw-advisers.com

ininjawebtech.com

spectrurnvisionpartners.com

freshdeliciousberryfarm.com

12796.xyz

goldgrandpa.com

chicago-trading.academy

newstechealth.com

pecon.pro

2dmaxximumrecords.com

athrivingthirtysomething.com

universalphonemarket.com

motivationinterviewsinc.com

virtualrealty.tours

Targets

- Target
  
  Proforma Invoice and Bank swift-REG.PI-0086547654.bin
- Size
  
  218KB
- MD5
  
  b148ae414eb8a1b34a15cdb32c21f9ee
- SHA1
  
  25b78f76010cc34843352c78d4f8e07a28b46b32
- SHA256
  
  193788545c12c697fe660e9dd178e5d97478d5b90d5b0096f1cd6a9b641d48e9
- SHA512
  
  9f6efbfdd1ab7bed6e0efcff882fd05816c0cbb6b413abce562f1ab6c8adbfa2d86610299be8d399ba36a305b64cadc762806eaa4c647d9b04fd457ec1537d0a
- SSDEEP
  
  6144:Ds9G4RsUIfpwRmZfqJxbx3jjTQeGYWAaE:yG45IfpTIxV3jHQeGYn
Score

10^/10

xloader dp3a discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4