xloader

General

Target

a605694b9450c9689007a5b3ecefc0ecfeafdb646fdfa9abaece1efb3dee26e1
Size

375KB
Sample

241121-zddjjsxlfz
MD5

e1454f7223a07b9df1e2383bb19600a8
SHA1

bed11620eeae61cdb4691c02d3594acf7f696053
SHA256

a605694b9450c9689007a5b3ecefc0ecfeafdb646fdfa9abaece1efb3dee26e1
SHA512

1445142c1161d1fe9a3526265e734a9dc8e11dbf95cb4b9e9f557a7a22265fdf9bc52ae02dba800ee83ead94d06794afe2c2910db663f25d0c64442365e4a894
SSDEEP

6144:axI8s4NTVVUwylQDsWMw2urxWoMrEvmiBU+dwJu/L7A09r6XBr9k1GWDy/vvrJZ:cI+TVV5ylw5t2uFaYndwA/L7QBr9zWwn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fo8q

Decoy

idesignbymadelinefl.com

finleygoods.com

hfxyyq.com

jjhh9656.com

superstarcoding.com

synergybridges.com

fantom.art

zebramovie.com

keephimmine.com

cmbego.com

shreegurudattaenterprises.com

appcoinsupport.services

roysecitystorage.com

gentlemensstories.com

hubinternationalinnovation.com

letscleartheairnow.com

strueyouneedto.space

schoolofsevens.com

cannaonline.net

slimmersite.com

Targets

- Target
  
  PI101019-EP-6.exe
- Size
  
  597KB
- MD5
  
  eb4cfa209e7877fdb60620b926169ae4
- SHA1
  
  1e5e15f1821d8ba93f95d3f83ed00cf062d38254
- SHA256
  
  00fd435f5148276b168042af3f4e364c0bbcfb3fae15be2b6fdc932d38230648
- SHA512
  
  f52c9d76654991442fb32b614f41ad428d320e5d14cbb34788f7fb5544271dc07bdb465b6bbd0d38b1ad5508aa1b3e478487a945b62736a2c1ab084c0836809c
- SSDEEP
  
  12288:VwU018hOqZNkEDwDf3DdSTaKpu/lYw+5G1q:VA18JyDfp5Kw/uw+5G1
Score

10^/10

xloader fo8q discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2