xloader

General

Target

f9d4ff7b7962e68fd87afb61c2167118babe134c63fd6760f387bec880bb4f23
Size

654KB
Sample

241121-ze2mrs1req
MD5

da16592a22c527135a175576d1c17cc8
SHA1

daf5e14f00a499f9f34f6a85c89018d6ed8bca9d
SHA256

f9d4ff7b7962e68fd87afb61c2167118babe134c63fd6760f387bec880bb4f23
SHA512

fe35c47c5e4ea7ff08e3c5b5071c61105dab18110a49248778fb5b9eab3cd9a95d6613539e1dc26c328b466f12eb8c404a02c88660bc969e2b9af4a48980b39a
SSDEEP

12288:d773h9SXH3J9ZH+uLrXCFABPFTrXoQf8KxIQIB2C1nHyvdSug3bMEA2q/G8RhB:9LvqZDHRrQS4Q0KxIQIYC1HyUugr/Ais

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

f4ut

Decoy

studiokventura.com

rmnslashes.com

oklahomapropertybuyersllc.com

pmfce.net

yingkuncy.com

theailearning.com

artistic1cleaning.com

shqinyue.com

dentaldunya.com

karatuhotel.com

renttoownhomephoenix.com

0087wt.com

hotelsearchkwnet.com

dentavangart.com

98700l.com

seattleproducecompany.com

magicparadigm.com

cunix88.com

vr646.com

calmonleiloes.com

Targets

- Target
  
  PAYMENT.exe
- Size
  
  1.1MB
- MD5
  
  d639a70d7bb8cd136bc920a15ac2a5fa
- SHA1
  
  4ca0f11ba335654fe8d7dfab478202eb3d90e337
- SHA256
  
  d3e580c4794a5e5e50f2334e3ecba635ed049952c30be08f283a72e299f64f8b
- SHA512
  
  9a5c45f99c7e02a6965f413c3df9ca6408c24e0bfb934595199a04f899ce4bb02cfd3288b845cf20dc664476a889dc32c5f7571f07acdac93aca3308a157759e
- SSDEEP
  
  24576:/Fozo5ztlrUM4QgKtGoIay1vcrP0lPn1/0S+7n4SYtqChJ+hu3A8K/dwiGY1iQSQ:/wojljIKzIa+crceGP
Score

10^/10

xloader f4ut discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2