xloader

General

Target

bc0103a796d8d1052160e0375c7fdd65ebe7ca6a82a1ced95ed89fb5b728f7bf
Size

427KB
Sample

241121-zff3fsxmcv
MD5

fc380ab8a3bbf9b221438a4ccd2ae17e
SHA1

1d7fe8b4e89608e736d8b91c40b49a9b11eb2724
SHA256

bc0103a796d8d1052160e0375c7fdd65ebe7ca6a82a1ced95ed89fb5b728f7bf
SHA512

1ad94788bc81b6acfdc39edbc5e29ba93664cd2523108384694ad1b162bc4e5dd851799fe780b9e332fb52d7ca4c5f56a3092caef2383e066fad99d498627454
SSDEEP

6144:cACgXgrcblWLs4nI1P2Q2Sn4qZiqaG9DL0blY/aeWaiawT/UIWt2+2T1S8yamMR:SgickLaJrZaG9DL2YVLwT8t2rTV91R

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

24ng

Decoy

thesmarterhold.com

meandondita.com

getzlppi.com

kaibosatadom.com

ibggroupkerala.com

emmymorrow.xyz

wandallia.com

jogiyoga.support

vuagiaychatt.com

jadhavconstructions.com

hypydeals.com

brightstarqr.com

unifi.group

derm-course.com

jvbcloud.com

upuwallet.com

115manhuang.com

ashleytdg.com

ptpatennis.com

noodahl.com

Targets

- Target
  
  vbc.bin
- Size
  
  713KB
- MD5
  
  6dd65cf5c7523aff3f622e3ab7142f91
- SHA1
  
  e3ea22daf35fe994b0612550cfdf8009c2fee3e2
- SHA256
  
  3b49fb8bc04b8446394c1fd905fa6ee17155a5d34284a509765bca640cbbd37a
- SHA512
  
  c2d425c8e557504dadfda829fef525d0f2f6e150cbad95d6e40b0d20765d78e6ea4c114522b498effb006dc766645ba3fc82ff2b2c881807da0a497d81c0e91b
- SSDEEP
  
  12288:LGUUogb8YUPJh3b+vz+TA39U5LiiHdmEorzEKMK:L5UoVPJhFAtUtrdor4K
Score

10^/10

xloader 24ng discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2