xloader

General

Target

7bdb88cb345cad1d093afcfafa7d5c0ca7b0d09981765e730ea33bf0e39994a2
Size

1011KB
Sample

241121-zcrpsa1qhp
MD5

b8744c92b9efdedbe878b9394dc7c20a
SHA1

97900403372abdce2c9884ff6453990d82e62cfa
SHA256

7bdb88cb345cad1d093afcfafa7d5c0ca7b0d09981765e730ea33bf0e39994a2
SHA512

daec8a471081e4259effcf3744be9f3c644812a336c7d3303daaa6246ba57b2011077b348419ceb1f484e228e88b2ae6b0e4eb5c2c9d4bc40af8e8673718d200
SSDEEP

24576:hrZw19pGdZnngiFz7AvRxnRVu0zJZrSIzDQPoe+erMdazt7f:hSrp9iFvAvLJ1DzeudaJ7f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nug3

Decoy

movinggameplans.net

sunrisetillsunuptow.com

vessaifeilde.quest

ov294.com

baobabbijoux.com

startuitive.com

sharj4030.online

neogenesivenice.com

timopartanen.com

julianaeclarindo.com

xbtiyu.com

tile666.com

hmgame668.com

johnfletcherllc.com

lingkarlengan.com

fdiqw.com

pathsat.sbs

age-oldpklduy.xyz

0876jz.com

misight1day.lat

Targets

- Target
  
  8f7d7d1a049ec6dc888d93c883c89701febe96cc0749608627e9ea3131f9e633
- Size
  
  1.1MB
- MD5
  
  79696e14b286ae152091d0090b7c0105
- SHA1
  
  510a8bbeefe8d4407f9e032ffd3438be22f280ca
- SHA256
  
  8f7d7d1a049ec6dc888d93c883c89701febe96cc0749608627e9ea3131f9e633
- SHA512
  
  b3cd13482dd7bad3b35b274244f139d6801d263ce7e2a46fb6f3774b7a05db03349630df8e6fd578f74e349513d95c16b63d0d15d5ccda1e7db08018790a6087
- SSDEEP
  
  24576:iW93G9psFtc0ZlaSZOTTSNdOc+SqWKVyxqwVdLCIQ6a:Z3iM/Zla2KSNdOLyxxdZha
Score

10^/10

xloader nug3 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2