xloader

General

Target

8ef3fecd16665ebbeb83615a773afbaef4dfd20882b257490f6db7e3c8216c4f
Size

563KB
Sample

241121-ze5pesxmbx
MD5

c0bbe72fed26e0dd79edd08bfd033c46
SHA1

4b74dede0cb1bc574df62b9763950c26511550e9
SHA256

8ef3fecd16665ebbeb83615a773afbaef4dfd20882b257490f6db7e3c8216c4f
SHA512

8aeac60227dd20fdad324b0bdb3a5ddd72f41a29d8b740c8f969452059f80f6dbefdb7db0ca8a55df4da4a3c3b4a9e8d173267e2f8dc9bd8a06ffbfa646fb65a
SSDEEP

12288:B+VMuwoNqWjAoBajre8ZQ5JLEL2pkCs5cy7sKK6YWQkZ:4PwoFMOajHZyq6iCs5/sKK6EG

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

a49i

Decoy

myprobioticspayme.com

shavers.today

cinqueportshealthcare.com

itmservicesincne.com

credit-comparison.com

xn--2kr800ab2z.group

onlinebiyoloji.online

risaki.net

americasgotargument.com

rosinterpro.com

cortadoresdejamon.biz

hotamourclub.art

boettcherlaw.com

nuciic.com

redesdelraco.com

chivang.com

yourkstreetexperience.com

yourwaykeji.com

natureate.com

bidyawasterecycling.com

Targets

- Target
  
  7e6427a98f29121c3cb7f3ddaf8aa6d320692178c7d178a0afa501a768459429
- Size
  
  733KB
- MD5
  
  90b4e3114f0b7c76ac881e7fa9d1cda6
- SHA1
  
  39be487b01e22c2c70949f5f6d7793f65c8927fb
- SHA256
  
  7e6427a98f29121c3cb7f3ddaf8aa6d320692178c7d178a0afa501a768459429
- SHA512
  
  4eddc982f41d2a0e074364f75d6d16f5d69d36ec3643f2e52a3ec1d496fe2411ba9354202b4848c8bd571335496ec679ac5d181c6be77d822a0a3fbfedbe27dc
- SSDEEP
  
  12288:xamtiK5o2lNaAW0EEgQ+blT9MdBb+CObeV/H4E9UxhG8ERey/pp6NqCVyIPijk:0+Fo2lNpsEGbB+YeV/YEz5Rrxp6NZVyj
Score

10^/10

xloader a49i discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2