xloader

General

Target

a27e114718882462365354f0763277e39d19cbfc4711f35dfd03816c463fda98
Size

993KB
Sample

241121-zde3da1rbk
MD5

ab49de6be19baeef6becc24bf27e0b8a
SHA1

a4738185440da8cc13b0a08fb74916a52c8c75d5
SHA256

a27e114718882462365354f0763277e39d19cbfc4711f35dfd03816c463fda98
SHA512

a0874dfd4ffb7c1e03decd1219bd76868362b5b160b0af0fb053c2ac48ff66332b200d000b1f1205954c008d15f5ec01cf21222071ad5640bbbf670edac5d609
SSDEEP

24576:8FllvWCEbZYnBBinOi9OUFFV9TXhTA8Ul1Dg+Z628aIy5gYXJj0wEiATdUtC:eloCCZYn3sOirFV9TXhTAXl1D9Z6KgYQ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q4kr

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  MX-M502N_201145.bin
- Size
  
  1.1MB
- MD5
  
  52efababc6a3851961c6f045bfd0d370
- SHA1
  
  43ef6fcc13c9c324be13f419c807ba622c16432f
- SHA256
  
  4847c8f558aa540f7f018eae22699e59af2dbfee608b7076283ed79de65d8fcc
- SHA512
  
  8e94c820cdb680fa2d4941a868a32c6a6c48bfde39537970c4ca83ae3ae7c46b7b954a6baeb5967a31e41ac7ebdcbf33d7f6c119dae1729142651e4a449c6573
- SSDEEP
  
  24576:Y6jj+bAaMd3REebAaMd3sB7a8P+LNBvMRE73wmWAT1P:T2AaMVRE2AaMVMazhBoE73HWAZ
Score

10^/10

xloader q4kr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2