xloader

General

Target

c1f6016129d2feade7d47ed892dd828196ce0682a87ee41dac26db1403954904
Size

914KB
Sample

241121-zhemeasjbp
MD5

4ee3c9f1cd5a1905673f5ab9e14ed6d8
SHA1

8213a4670e5cb450aa65bc3107abd98af62b509b
SHA256

c1f6016129d2feade7d47ed892dd828196ce0682a87ee41dac26db1403954904
SHA512

21cd37733cdc05ea2051f6f33c81cb3fa8e1b0232d6e4a5c1260cb37af7d2d733baae7d95a92716f5afe5ba8b8ce8a63f5ab1c9ef0a2cebbeef12e925994545a
SSDEEP

12288:tf7o5EcoRCCOSb9Vhf+Z/1XsPqY24EnqjiNQAojz95ZpH8GOg8gmid/mhNsOf:BE5EcxCX9f+XXsiY24uNPMz3xDN/qNse

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

w8rr

Decoy

musimack.agency

stockdatai.com

obsidianfields.net

idahogunpros.com

leochun.com

tancal.cat

theselfishbrandofficial.com

undegenerateness.info

nhanoon.com

y566.top

arabfinasgodes.com

goldenmetaverse.com

adilafinpay.com

biblicalcaffeine365.com

golgesiz.net

hsshengri.com

bydarcy.net

sevichhar.com

sanjeshgaraneh.com

femdomfilms.biz

Targets

- Target
  
  daaefbbdddac6178d9d71fa1617d02705c4614c62cf981ed4534d33d60e0b5d6
- Size
  
  1.0MB
- MD5
  
  f58a8ef45fa7a4e7ffbf1dcb3eded720
- SHA1
  
  5e83a6c72104a3af601565fe7646eb83f3703585
- SHA256
  
  daaefbbdddac6178d9d71fa1617d02705c4614c62cf981ed4534d33d60e0b5d6
- SHA512
  
  a8dddc5fd4e8f0dcf2ac5c0a244b83b39b8c8a7477894df5d56e107bfc4efa29624e9f2ef394ec9054333a105ad01d53e5681502f08317d490080190c3c2e57e
- SSDEEP
  
  24576:YdBqCebfeuXVgOvrMb1krGy7FzpS+dI66+4ZTg+remT3:YdBqCafeEVprp7bq6OZTgI7
Score

10^/10

discovery xloader w8rr loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2