xloader

General

Target

dac3ffc1c455d8de9ca645a96064a5f36a508c3cdbc45b355cba3ea9a4d7d964
Size

445KB
Sample

241121-zfbgza1rfq
MD5

19e04a5de2159171431c86053226050b
SHA1

c7ade86b0857764532ba32886390da8b7486a1aa
SHA256

dac3ffc1c455d8de9ca645a96064a5f36a508c3cdbc45b355cba3ea9a4d7d964
SHA512

eb22e55d5d5d33f1626f2558fc618dd4e7f581bbe774ac099771f0cbe754d7be83fe33d8cdfbc44c0157787d20c667dde3de8e80d56c090b2534e3b2734d4088
SSDEEP

12288:KL8FRHyVwou0AT3yxiyuBZMlQDa6gtVlUPO:Ei6ATysh24a66VGPO

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ok4e

Decoy

drtuba.one

mosescorrea.com

xn--sxqt5eu0oo9u9la.xn--czru2d

hellounio.com

teamtigers.club

oceansaquariumnyc.com

pordges.com

pinewoodfairwayshoa.com

961115694.xyz

adeelrazza.com

baymillsstudios.com

kobaygym.com

highwaymenstickers.com

ulysse-cazarbonne.com

mintnft.fund

enjoycarousel.com

odemix.com

craftncloud.com

linuxsauce.net

sirtechie.xyz

Targets

- Target
  
  ec2fec19768b0cb797d08cdc4c1de72faeab5550bde249633e6fbb5c00771199
- Size
  
  490KB
- MD5
  
  a71c8201b883c7f1c5f44a4cf3a0c9ab
- SHA1
  
  80446ce90d92add24f70d48614a90766e142d6bb
- SHA256
  
  ec2fec19768b0cb797d08cdc4c1de72faeab5550bde249633e6fbb5c00771199
- SHA512
  
  04e165efc0df1ab7fa9f60d14772f4e0bbe9db04d1468a1580f63a7f77d530a8e91ac0e0f55a478b0d07adf75e2795f81f4bd3e0912b545b50a1a6fc33568341
- SSDEEP
  
  12288:qT/EP9uNF0WGHj03MCrysaUz3gyALnhTEgu9VeSbr1GMntyeDF:tP9uNF0WuQcCrye8y0hTEBDealtyeD
Score

10^/10

xloader ok4e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2