xloader

General

Target

0e7e8440be1095d7f7454acc1f083a0793d91c221feb471729ca1412f33dee5e
Size

661KB
Sample

241121-zd9lzs1rdk
MD5

1bb3e65491806672fea8fe359de9260a
SHA1

69ebaa71ed42c1a879a9147550b8d8e3a2e214f4
SHA256

0e7e8440be1095d7f7454acc1f083a0793d91c221feb471729ca1412f33dee5e
SHA512

af280c05940020755d0d0f89eeffa42b2b87024ed2ec628c5e7864b679f105d3d3768d9d5c537c8ecda86c8c150648325f5b12c768a20d9a8debc05d4e09ee17
SSDEEP

12288:yYKbRLvKMDUiv3qt+01xH427IonGhfLUb9e1QewMO3wIt3DviPEXT6ivLo17qADO:Bev1v3SbYnon8zUb9eye4wMX/vKNa

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nphk

Decoy

sexytinydoll.com

7warsari7.com

trufflecreekkennels.com

eurodrev.club

monstersclan.tech

deathgummies.com

mitratechs.com

kissmint.art

solid114.com

exclusivoclub.com

iegco.group

hokiboyathena.xyz

sathapornstainlesssteel.com

ci-ohio.com

royal-deliverymail-fee.com

sakisushitallahassee.com

rinconescoces.net

meetthespace.com

natbplc.com

fragcoconut.com

Targets

- Target
  
  UPDATE PRICELIST.exe
- Size
  
  775KB
- MD5
  
  a901bb7c45815da070fc9242afc8ddbc
- SHA1
  
  099ddc6edc09ee9b69dfdbe4d9cbab40f6a47b0d
- SHA256
  
  50f5a84413e64d6c7f7e816570456063ae4ff444d6f81b195b17576a21b6f5a9
- SHA512
  
  8da7c79ee9593327889e87effe6cf699db8d5fc0e37ed4c6c753f3b0de0c8f1c63be651d9b64b1f951b61dba58b019d2206ad9dbc4b98f4c0fe84ff2c091f164
- SSDEEP
  
  12288:zgolxmnZz9MYLKXLo3QMdUkF1YBusJ1ONHWi2ATHRioE/mZb94X4JFP1t2HERgP:zD2Zz9MGd5FYD+y0aZ
Score

10^/10

xloader nphk discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2