xloader

General

Target

e775d1def135834d0c6929b007131891f07709f87dc94b761d779205aba86c20
Size

244KB
Sample

241121-zdkmvsxlgv
MD5

7d09037ee14ddd7d42c9cab87b01c9bd
SHA1

f818f411dea2e14e7761467c9b47052beeb6d670
SHA256

e775d1def135834d0c6929b007131891f07709f87dc94b761d779205aba86c20
SHA512

e5df513b298954af4531dc20f1523bd9a012f99bfa03b43ab43a27af0dfa9711c7cffc499adc287ab0d4e378f9af567520b8520cccc57cefc4170d5a9a47e6f4
SSDEEP

6144:0n99W00eQspck9Dcu/4XiBEp31TCmmQ68XL3+jLTVnKLiL7Gp3XF9RS:EQspckBcu/4X0qFCbQ68XbeEiGp3XA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rugs

Decoy

modktchn.com

autoairplay.com

gadgetvictory.com

view-one.online

green-zen.club

xysgsjc.com

unikokitchen-usa.com

arteologia.store

clearing.global

metaelectron.com

eldovera.com

mcftaxacct.com

mainlinepak.com

flawlessvn.online

ureumpomp.com

loribethperez.com

willahandcreations.com

fileextensiondownload.com

dadsgametoo.com

dolphinec.com

Targets

- Target
  
  2 months salary receipt.exe
- Size
  
  318KB
- MD5
  
  39a410d21ad5980790d452986c2ea66c
- SHA1
  
  7812690099a0f3affd68c9a61d383e6ba1885659
- SHA256
  
  3a52310de39c5fcde9a4497c2393f6d21581b14b191cf377bf9588f08312572c
- SHA512
  
  d32ea0f52be61c0d4048ce64f4b6fb130b5097b355cb7e46ef9aef07b3cefef374a3074dfc7211f1e7d15180f091728893f432b02c877c197a5b288dcfa18d66
- SSDEEP
  
  6144:bi0qkSQYhZeTtORPQ/KhtjPhrIqZIf/OKQoAY:yJfeTtmSKhtPPKQof
Score

10^/10

xloader rugs discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2