xloader

General

Target

8381d19dc58f90b1128943d60b41930dd0619f4a7ef0f2940aff2f5f8c234627
Size

408KB
Sample

241121-zdxbna1rcm
MD5

45ce6a1195a842497365258b706e319a
SHA1

2afa306daefdf66f760cfb2b96b8eca040932242
SHA256

8381d19dc58f90b1128943d60b41930dd0619f4a7ef0f2940aff2f5f8c234627
SHA512

019a6f0ec3003a363ffbd8ea00875454c33d78e832c35e322641af56acb80c3a46a9288195f0a4e9d4b676342be8fd1dd19dea014d77975e7a776b26a44d6b4f
SSDEEP

12288:54zckY023RBIEtjdg1XRtT0yDH8QiJa51AU:54zckY023MEtjiXRtT0yDHj8U

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

n58i

Decoy

southerncircumstance.com

mcsasco.com

ifbrick.com

societe-anonyme.net

bantank.xyz

dogecoin.beauty

aboutacoffee.com

babalandlordrealestate.com

tintgta.com

integrity.directory

parwnr.icu

poltishof.online

stayandstyle.com

ickjeame.xyz

currentmotors.ca

pond.fund

petrosterzis.com

deadbydaylightpoints.com

hotel-balzac.paris

focusmaintainance.com

Targets

- Target
  
  b092672d7f36d3deaab664c0a562b055f9cee3f247328e639aca58f025f979ca
- Size
  
  480KB
- MD5
  
  66fc712a2dc1321fa0fc6bdf8bcd82a5
- SHA1
  
  7870ac22e3c8233430e0c5df62c72397f29e1294
- SHA256
  
  b092672d7f36d3deaab664c0a562b055f9cee3f247328e639aca58f025f979ca
- SHA512
  
  d0c101943eb61750234a838e1c5b2571996c64c5f0800272656d74e79dd60e9737e3c5326978ff6dacdd32bde71b88b46e0b4b9e87cde7e09f1246bb3667e7d7
- SSDEEP
  
  12288:7GR+JWHCM2K4C82OJDY5/pMTGel5JutwUXr/oS:J73CBOdceT3StvXrQS
Score

10^/10

xloader n58i discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2