xloader

General

Target

6c0778694e8a39f2eb2e6da0ec2b51dfc109aeee5402a53dac9bffac511f5ef9
Size

958KB
Sample

241121-zdy59a1rcn
MD5

e7b1fe6e5550352f9e939693161dd436
SHA1

0730a5282ba1e0adbf9339c0cbad0ef7c6b0e881
SHA256

6c0778694e8a39f2eb2e6da0ec2b51dfc109aeee5402a53dac9bffac511f5ef9
SHA512

dcaa9a85c3df2aaa1833a20afa75adf19fd562f0a635ea57c973137d2da9536fe56fbf666624ff44cf2c2f584f434bf192638f21fd172eb2b0cdbce2730a2361
SSDEEP

24576:7m4wdLxHZnyUovsq4P+Mjfb8ijtIspdDp7x5hBOzvJ6hTWJcNFlrNleRsCny/X:iTOvsq4WWJIsfDp7DSE5icNTIsWyP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

iuem

Decoy

agileatefoundation.com

preheimphotography.com

blueivymart.com

magetu.info

sunayah.com

gulumsecafe.com

belveder.net

pumpkinmangaming.com

playd6plus.com

thuanland.com

blacklivesmatterforreal.com

enviromentalco.com

ferronnstyle.com

mrbeagleshop.com

whmlqx.com

unifiedfederal.com

purest-you.com

ashleymartinonline.com

bayareaportraitphotographer.com

ysnrjelx.icu

Targets

- Target
  
  433c9b077a6f8983fadf6831ff9a02d3105b5b32c325705f3d9c7687a0e968a2
- Size
  
  1.1MB
- MD5
  
  9f370c2fc3e45cf57abc978111e17955
- SHA1
  
  5f5d4287f9be36e79b28869c4306b6ba0a32a49e
- SHA256
  
  433c9b077a6f8983fadf6831ff9a02d3105b5b32c325705f3d9c7687a0e968a2
- SHA512
  
  555f3f1fc874e904dce1861db826c567640899e4fd65fc380e2df0502ba39e2710fc208d89fc06c9ef7cb3d97a116045714f1ef6c538b3105faa8e15d0f6d213
- SSDEEP
  
  24576:19tbAka1AdQY/Pmazg0n5f9l6PIYpbjb6:1XbAka1AdrO8D5FcxbH
Score

10^/10

xloader iuem discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2