xloader

General

Target

200dac824887791e02649a4435a69afd76b1e11de67bfcc59fa389c6aff4a26a
Size

262KB
Sample

241121-zhdecaxme1
MD5

9cb444f6953f04a5bc8aaac4c4cd0498
SHA1

7c48183af8eb7e8ffae260c3de892c6097eb1511
SHA256

200dac824887791e02649a4435a69afd76b1e11de67bfcc59fa389c6aff4a26a
SHA512

103eb3a458f8ee13f319b3a3abb1a9588812c52028bd5e3ddb6dee878bcbddccd7f2ecec881b649a0762e88e04f1ca3352f41898853728f347a5f0ebe5c71818
SSDEEP

6144:Vxs0uOMCzPcV2Y/Ze0IYXoCk5LzEgLEFb2PNRkoyKy:TslOM+UV2MBXBkykPN2NKy

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

eo5u

Decoy

nottooshabbyfurniture.com

replacementmind.com

monica-beauty.com

justicehabit.com

clicypunto.com

luxurylandlifestyle.com

luxuryteashop.online

eternalptc.com

salthooker.com

photonbet.com

instipe.com

leadfolia.com

haogu-consulting.com

activedevon.xyz

bonijsnv.com

1worldtraining.com

skycima.com

angelkov.com

zcyr365.com

ourcloudbox.com

Targets

- Target
  
  Ejima.bin
- Size
  
  564KB
- MD5
  
  e55a15226b4a4eceb0842404d977666a
- SHA1
  
  938203976b1cca4a4c93c7f96fdebf38af6db078
- SHA256
  
  f1b2b93992ab956883815e6fea926d282fc3a423675fa1faf5ffb6cbb2ddbedb
- SHA512
  
  63b02d2a066a776fffa0a5c413ba62e7c55e9f0e4c5b8de498844a6151dea02875653c437f6ea2cde5bc166dcb8ba4ae3d4c6822a703ceec46ecc0b832c74ead
- SSDEEP
  
  6144:bBlL/RnnQQdz69b2ArXwgqAVT2g4u5rbiDhk1OtMzbOTOX:txI/XwiVTA+1OqvOT2
Score

10^/10

xloader eo5u discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4