xloader

General

Target

870c6d53a7774a671705d2fdaa652c40cb4c317945c652dcadd0a0ca2dec4179
Size

1014KB
Sample

241121-zh5tlasjdn
MD5

1d1e021672185fffebbecb9f8b9185c5
SHA1

86c42aaf3403ab2a34068b8196cb855bcc402b44
SHA256

870c6d53a7774a671705d2fdaa652c40cb4c317945c652dcadd0a0ca2dec4179
SHA512

a57b96f98631062d7a21cb9202beccccb116d09464d5f67314ed0455c71f3006e5877dd90df147a80916e648dcd8d92fe01e4065ec5412de1c6866d0eb7f9c52
SSDEEP

12288:bSKLeIYrcQCGGSNdHp8t7RsTeVSKLeIYrcQCGGSNdHp8t7RsTeR:bDebcQCGLPCV6MDebcQCGLPCV60

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m3ci

Decoy

424964.com

ocean-breath-retreat.com

icidedansdehors.art

wrochtthurl.quest

6455gfg.top

dgfipmailservice.online

banjofarmenica.com

dkcazin.com

jobs-fp.com

karens-kornerr.com

parmaesq.com

nuevochile.net

inputsquad.com

consultacedula-sep.digital

taogoubao.net

gimmesolar.com

bluelacedefense.com

grandagent.club

warqatalzawaj.com

getvirbelanow.com

Targets

- Target
  
  Scope of Work.exe
- Size
  
  739KB
- MD5
  
  8bb595e02dac37f067a5f159c056b939
- SHA1
  
  831ac2fde895feed37bfdb54596246dd74cde684
- SHA256
  
  fa34b787daecd743a4def20fdf8901838458c8311ba9bbb5fbd650ff48841cf9
- SHA512
  
  aa42299ece48b9eb03e1b1ef72f2614951b0244a5497f7e90dc8b8d5a3616c8a66659bedc44bd4399552f61d51d26690d30ab894de35a8cae935c75067e769da
- SSDEEP
  
  12288:tQ9kK6UTQX5cwHgAM2EPmK7WjS/TXKjoqtq/hmz088+wSoiZEb/zHfaBtRoMkxc7:EkWTQXyv1xgjjJU+CX9M
Score

10^/10

xloader m3ci discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2