xloader

General

Target

762dd852506aea16a7cd743a103dce8067bc4906cdd45843778e7c0602bcc142
Size

561KB
Sample

241121-zdvsts1rcl
MD5

f3fcc871f93d90cf6a0deb8c21363d5c
SHA1

8c7dca117779798d15139d42140bfa343393e70f
SHA256

762dd852506aea16a7cd743a103dce8067bc4906cdd45843778e7c0602bcc142
SHA512

a22985438780b64b8e4643dd5c6bb7429e1a3067f630bfce26fceaee1cff5e0f096f2490f38d5e1a43758ffe0aca6269cf48c2567d677d723625d2b1082fde56
SSDEEP

12288:0zFwXFyy2pgbFOhFF7tQvf53s8VzUmw7StQ7onszndt3ssM4ehH:0zFwM6FmvOvflZU3gbncnr8Zd1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c3sc

Decoy

vnye2037.com

adopttongling.com

miss-bim.com

ylyqrbii.icu

iregentos.info

teseipropiedades.com

jsprimer.com

keepminkowicz.com

7999399.com

bdgooddq.com

komovnrebi.com

politicalswim.com

justokaydrawings.com

eglidons.com

ici-voyant.com

thirstymarketing.com

viajesyturismo360.com

shadesofshadow.com

learnenglishinceret.com

notnotdown.club

Targets

- Target
  
  Original BL Invoice & Packing List pdf.exe
- Size
  
  1.2MB
- MD5
  
  32edc7a227ce30813c73756c2fdc90cd
- SHA1
  
  bcf54c69b988f72a819f15692f53f5eb839a4be7
- SHA256
  
  3f88232fbf581d4a628de3b80c624fdabea29d159917ef596fe13b2f49f8268e
- SHA512
  
  c97da96cd175f107538eae3a7eef076b24faf69721ab52a2d01b0a5b2c67f3140c2b8eef48d51a4b74334eac8f678116102705aff66cc127eef8c82693a9f989
- SSDEEP
  
  24576:aYNkCmS4OsBgo0q4wMZa3mK/vfW+t3leBsAU8:aEZoHMZa2K3P1eB
Score

10^/10

xloader c3sc discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2