xloader

General

Target

3123e4c92cd4d6941422414f9ecb143d1710df6218fb1195930cddb714cdac4b
Size

506KB
Sample

241121-zecnmsxmat
MD5

867665e88dec4c92c71fce8b7f7fed96
SHA1

c2518f6d371e1a196f14613b37925fa8e7e3db1b
SHA256

3123e4c92cd4d6941422414f9ecb143d1710df6218fb1195930cddb714cdac4b
SHA512

994e431263c975a16c71fc25fa89ec8dcfd1ab0fa1810c2d71f4a6155cb575f6115023bd667622b760dc843161afc1485018d6e7e8650570f2a3c07e44ebd746
SSDEEP

12288:g+fSG1KWcXCfpZntdwovGJLQAz5wAaoxqhotxiC:gISqKWUCBZrw8Gi/q/

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

njhr

Decoy

kyyx666.com

chicasgunsboutique.com

effectivevip.com

xvideoapps.com

mythree-informationupdates.com

concrete-cleaners.com

zxywxmr.com

runreach.com

khoemanh.club

basecampmedics.com

alloneart.com

thepeoplesgauntlet.com

pinkinomanbeauty.com

level60media.com

master.recipes

acadlearning.com

1001voltas.com

bakegeeks.com

fontaine-escargots.com

lushlobes.net

Targets

- Target
  
  vbc.bin
- Size
  
  597KB
- MD5
  
  1bb71f860cac16c4c91c54c3c3265bda
- SHA1
  
  fd4e4d8c5ca9ee17440d8ba313964ee1f8d689b5
- SHA256
  
  c9619641b9ca07b139cc64d223eadad4731fcbfce7e0653ce4583b4ea05a686d
- SHA512
  
  15c40a03d2f6904fad34d34c3448491eb5b6e40246e3a1296c1f366d0a3337570ce94e2b1cb44bf09b6e7e5c18ce54c1c06f802a15c79430ccb1e603be2e1171
- SSDEEP
  
  12288:srV9sI1blVffLr7oMvuHo8HPrZG94oVMXDcqC/QVI17S:89sI9zE2So8HPoWhlZVw7
Score

10^/10

xloader njhr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2