xloader

General

Target

d24a20267fa5f97927358bdb6a5b6776492d35b2b67a89858425c654fe84d5f8
Size

480KB
Sample

241121-zgyc5asjan
MD5

9c4939cef0b23ff82a57e9110b88e7c4
SHA1

91ceeff3e8daa40eed2124ebc12eb982fd7209fa
SHA256

d24a20267fa5f97927358bdb6a5b6776492d35b2b67a89858425c654fe84d5f8
SHA512

753a09158d2e66aedae2f03f0df27a1c6a2f8f4d8a233fb6e046311dd58dd12f11ac59e776c5369e0d65696bd683f3e4430b6c8322db07eb5dd02db3391f2503
SSDEEP

12288:M6cDxGygQMDtcd2T0ABjCcSe1EcBHtiKO3J6Qledt9+PdOJnzn:EGD+8TtBjCcSedVxd79Kczn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nins

Decoy

wingsmh.com

honeyconstructionmanagement.com

aizaibali.com

twelve11transportsllc.com

aadetermatology.com

sarahdewald.com

si-kap.online

imperiummetal.site

srysyoga.com

fbirelationship.com

drtracielashley.academy

jrgsestates.com

affordableseo.club

triggerfingerboards.com

halalmine.com

shopdogwoodhill.com

qad.info

nocraphere.com

misskarennglishteacher.com

march.wtf

Targets

- Target
  
  ea5d42beb9693c39239f8cd6475af0e9
- Size
  
  531KB
- MD5
  
  ea5d42beb9693c39239f8cd6475af0e9
- SHA1
  
  dea2b68e605e354836c58b8f592511f6b26513b0
- SHA256
  
  500db2ef97a164d00676ba3cff04cf5a34962220a2577ee9833333ebc685c807
- SHA512
  
  df1e7ddb7861b5cf3903ef3532746e8a768bb6e41c54a377e07abec4d7fef41487bc69019e9ddf0fa01cfad08d3fdcd46d739a868733ba3cbaa6befd071fa1fd
- SSDEEP
  
  12288:uprq6gUzJr6qDU34H85iPZtzCy8rKkzBUIe8/D+l:uprnEqY4QcZx5LkVIus
Score

10^/10

xloader nins discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2