xloader

General

Target

db3fbdb673047b9b6705b18118f81d1714091ee1d6de2db2897cd3bdeba8a510
Size

719KB
Sample

241121-zdrq6sxlgy
MD5

d0e544a35c6cfdf892d01706bbccb41f
SHA1

38c8aa2a2b799d6bf218c54d47bdebaf48d240ee
SHA256

db3fbdb673047b9b6705b18118f81d1714091ee1d6de2db2897cd3bdeba8a510
SHA512

6cacca4599f9072e99d6d81eb193093dd4689e0d0dfae654210c67c99906f305fa0ffc85fc5b0134a7ab795fb51a29ee1360c3acaf7f78241d06465a097c2121
SSDEEP

12288:0Wyw8y6SeYawDHmD7GnTBG23L4xeFrnvLriaaUZ918kZk1jThXbzHnUHJEFa2GvX:H8dYGPGn1nkmrnvL+24PNHUSE2yvv

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

6mam

Decoy

gxduoke.com

lawmetricssolicitors.com

e-bizbox.com

ilovemehoodie.com

marcuslafond.com

bransolute.com

kuppers.info

kykyryky.art

vavasoo.com

tlamj.com

besport24.com

hibachiexpressnctogo.com

elglink99.com

maximos.world

uniamaa.com

aladinfarma.com

opticatervisof.com

delhibudokankarate.com

juliekifyukstyle.com

fuzhourexian.com

Targets

- Target
  
  3a30a00f6eab6a14476db7139c5512302b5fff48a3111ccb6ae8e0964213f8ff
- Size
  
  1.2MB
- MD5
  
  2875b6d653a9311f91e1a2f28e5538e1
- SHA1
  
  6f13158f25a54b1631ce935f90db7e3daaf4257f
- SHA256
  
  3a30a00f6eab6a14476db7139c5512302b5fff48a3111ccb6ae8e0964213f8ff
- SHA512
  
  6849621b598210ead54cfff112f0f0d571f0caf72cca48349b4471817a567ff83b134e302011fda84a8421337961a6b5d25bda8d528da54451a329dec1ac7b85
- SSDEEP
  
  24576:PSWnZPFYyblhB2PLKuUSxztfzvYIDWrWdT:ryK12D7DxpfzgHrW
Score

10^/10

xloader 6mam discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2