xloader

General

Target

11f36b79a24c88bf46a99ebb86d5bdfb62c5ea4105c79f5b0f25f5bedbe6e8a2
Size

330KB
Sample

241121-zggelsxmdv
MD5

7ee2356c23c881133b08235b9234c38d
SHA1

c05b4122e2f61c8c01a612e150aa0e1b5778b2c7
SHA256

11f36b79a24c88bf46a99ebb86d5bdfb62c5ea4105c79f5b0f25f5bedbe6e8a2
SHA512

235fed5e5c03de74195b46f0e8f76562ebdd06937e0857e052e514ebb55f330212b3288c08e353a94e61e06f0744903d091ddf48dc04d3645c1d281db58aea91
SSDEEP

6144:SHA73+nPuW/b8OW/GE4+e6KJenmoTUyvwA8YkF1gJPZp0vKPkYuUqKPvjsi:ROPuW/brq4+eEmoQyvwAzu1+evKPk9Un

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pnqr

Decoy

bullexch9.com

hiiidesigns.com

yosapark-gakuenmae.com

movementinspires.com

orlandas.com

flowga.world

opende.info

jiconic.com

selviclothingco.com

herbalmedicineresearch.com

contex33.xyz

riord.com

alchemistslibrary.com

ecalyte.com

tutu119.com

61ue00.com

properwayllc.com

tamitoe.com

adacompliantsoftware.com

deliabe.com

Targets

- Target
  
  PO3118.exe
- Size
  
  393KB
- MD5
  
  7472bc65871e7bef7264c09fcc028e4f
- SHA1
  
  c0420262972a81c2332f83a0736f48ce500dc2b6
- SHA256
  
  d6ddafd9aa4fbe03e73aa4f1b4854d83503eb4fe9b91dd6f3ac44a030847c2d7
- SHA512
  
  bd4c3397af0c66626ab5c35c95bb5dd74134ef348375cd338a1013c8b1c9ccf8fe936f23874153cb32145c55c01ac660d0db293e0d7451eacc907540eb9accdf
- SSDEEP
  
  6144:id/ztr1lc8xB6SSQ8mst8hTM+713eGlaUlBfqcOvCom2K9ItlkEvmrVuy5A:WvlcWBe/WRiJHmYtlPaVuyC
Score

10^/10

xloader pnqr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/cvve2p5h0gqmdd.dll
- Size
  
  4KB
- MD5
  
  7dca75191f506b4a9dac4683211aafc0
- SHA1
  
  c31b50e4d74aae90730d308d70e166c6c031ec54
- SHA256
  
  28b2482383978cb373546a80213c9c6d03e4af09f2399e5b8d115811f822200e
- SHA512
  
  382d43c225cc815a796be1a66f111dd396ce8921fb424d92987cd3055850272f597d5eee4d84ae1b888577833e134b296934a37a26c882d04f520462d99aaa74
- SSDEEP
  
  48:vpgHXJOhn3sj3EprS5qD3T3/OsV2OLuZKQi3eYmRbS:BsM3sj3ArS5qDjvV2wuZdi3eVR
Score

10^/10

xloader pnqr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4