xloader

General

Target

578cbee4a1035bc7e9679b0e478647556b49b2d4310b1f3beb2d531c3d283f80
Size

738KB
Sample

241121-zd6kbsxlhy
MD5

3f53e3271863ed85fd794e05ecf4fa07
SHA1

108f0ea7f357957be6586c8c4569f51038e3e4ce
SHA256

578cbee4a1035bc7e9679b0e478647556b49b2d4310b1f3beb2d531c3d283f80
SHA512

e4854a1869ef24c23d47b29d3fd17b5a9e9fdbf3594f0e44218d3a21f1214026494d5b11f24a5926bc8d4d7394aef849ad09aa288d594cc63733539fda662ca7
SSDEEP

12288:SHC5q0TdBCQEmdloD3P5uyNI6sXNgfaUPbEaPjMj/Y+ZBBAebacN3qaalwQj:SHCgmB7iRla6DDjLmQvebb9alwA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rbpi

Decoy

la-beaute-de-jade.com

sipsiew.com

hhshowstock.com

csxcdz.com

letsgetsocialconsulting.com

projectcleverweb.com

curiget.xyz

isearchjokes.com

smkpgri35jakarta.store

racismratingssystem.net

passivefiresafe.com

warpkings.com

52cbb.com

healthcential.com

kino-hd720.net

guochaocha.com

highseachartersct.com

voteformarc.com

mmcaraccessories.com

forevermusicgoup.com

Targets

- Target
  
  2021-04-18947 OC INVERSIONES RIVASOL PDF.exe
- Size
  
  844KB
- MD5
  
  e12a4d95a3ee125919a807f7913b19e6
- SHA1
  
  a026aa3538d4580c55d4816ef580d96ae9951788
- SHA256
  
  b13a9b07dcfd6677e3092a0cae29b08487bb56d12345f3bd13931f2887b1738c
- SHA512
  
  c4479179a68c9e0f921f35fa7158a91199697f807b36a2d1704c6e34f74770965113c296d5e93ce0a827db9100fa60e4fd07c8bf40ac49c89c260689036ecb37
- SSDEEP
  
  12288:Y6VhCe+/DPYjaV3m9O2SSIuHwwHjdlnd5gzKa9TEFLYjP+osyn12G1Ps0heGdMGB:YbRjYn9OxSTp7QKiDqR4bnhemt
Score

10^/10

xloader rbpi discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2