xloader

General

Target

5e11973caf31e0c83fc1a631beeadee02f93479f86b0868b4931dd5bb3f9be66
Size

403KB
Sample

241121-zd42haxlhv
MD5

9870ce45431655e22fc3edf98ea05004
SHA1

df9c8178381b815a62753c1dd1617808b41d55b2
SHA256

5e11973caf31e0c83fc1a631beeadee02f93479f86b0868b4931dd5bb3f9be66
SHA512

f47f211932e62a49cc8cb8571347a4099ac26f964c28f54ea20097d68d105fe8800aa649684ce5309f15ef07e43a015cd7c947a92d7394b1e10b855f2ae6f323
SSDEEP

6144:x+sv0GvwQh+N5TtLzwISJhJ2ur0C9W32b3gz1yhAyfXmKwU+SEuGiQIleTaQSej7:xwGvpU/W50CwkgzJaCF1AeWQSvG

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

imm8

Decoy

insteuctire.com

zomkeroad.icu

setiptv.pro

hk2good.com

writerby.com

giftebuy.com

siterising.com

learnsmartly.net

paanopinoy.com

jerikocreativehub.com

whitenoisestore.com

itownfwl.com

kumamotors.com

luxqueen.club

psychiaterinschweiz.net

sanchez-gomez.info

seriesplum.com

eagleweldingmn.com

6917199.com

kundantanti.com

Targets

- Target
  
  New Order.exe
- Size
  
  667KB
- MD5
  
  134c68f4ba727914ca795a08469c4f33
- SHA1
  
  8456c17f72835c8d29c5b9fc1a06238387d844e7
- SHA256
  
  ff2af0f4707662de20a3fc74ab715cf0176d51c5980070b54d807f3f69f33405
- SHA512
  
  e48c73b218eaf799d2c4d0bbcc998d3ab944787cf4bf9167878272794d8e2a773cddc4a0ca29f2271b988d8f8fdb285bf11d3eafb5663c458a54d82389238b13
- SSDEEP
  
  6144:uVZPkC0WtDY9oTU7IFbkCFHUxvsfT3UprvGVXn+TFRuUlkRPJiSxjAqLFJLgG:u7PmsDYiTEao+Wdprvs+vuUlkRh3jB
Score

10^/10

xloader imm8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2