xloader

General

Target

eb16b18a64e98c59dfdd4701f1ec0b3cd4d357abf31a824598843229a677e9bc
Size

601KB
Sample

241121-zea5taxmas
MD5

404ac227d5fdedd3388097bf467f19e9
SHA1

c94d314310dcfba26afa7df63f95b7211e42629a
SHA256

eb16b18a64e98c59dfdd4701f1ec0b3cd4d357abf31a824598843229a677e9bc
SHA512

d5be271bca804cba2a9a53ee2caff028879daf1eeb16d6983ad9ffa8e477e72f42c1c6ccf4b82ecc5b4ddcebae91c9067a182036c54ef233033b6d85216f5e1c
SSDEEP

12288:bNffnn/2zPTEC6rMZ5s8e++A5BFOOEAMKvr081xsHe9J8PFX0mp6:bpfiEDoZW1UBWAMerzwekGY6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  1fad173e519f8c7cb34093e926807794765789e79d377e89ffe201ae8d76dd99
- Size
  
  813KB
- MD5
  
  efe545e522545ef40bfcbacca20c71fc
- SHA1
  
  977ff6a2a699c8d10db1797334f0aa0ec5893a33
- SHA256
  
  1fad173e519f8c7cb34093e926807794765789e79d377e89ffe201ae8d76dd99
- SHA512
  
  3875d4fd4a9bb7737b56ebc1f6357c17f3950883e1a9904ad689227307c983afe8134d4392a7ddf34f499a5e2c60c5b9a5dfe5bcb82ade5923f8120106c0210d
- SSDEEP
  
  12288:HsNpRUvsmtiK5oUZN3cIjn2YIGnraJk9JQW00aqvYqhAIWIGV5fnGQK:HeUU+FomMIjn2pJkU0DlA3IGV9nZK
Score

10^/10

xloader ssee discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2