xloader

General

Target

50dfbe912c4451dca1d1daa02787cbe79d43529b6013f626508cfa1eee5a8d2c
Size

728KB
Sample

241121-zhlqqaxmfv
MD5

5cf0d085fbb594428a00240e4aae190a
SHA1

3417e298ac83f42811bcfb4de44465840ef0723f
SHA256

50dfbe912c4451dca1d1daa02787cbe79d43529b6013f626508cfa1eee5a8d2c
SHA512

ff5d79b7de68595665e2cfe6411274e93937f7f3ced231653cb88afb628a00fdba4e11e0521b482d8ccb47030221c6111ae5c9d5d467a4a68e37a19dbc087705
SSDEEP

12288:pNJCrZhCNvU7yiDF3mWRd48O2BT/GFyFFqaWpUndheJUl5A7PXWVTv0W9XJfvgAY:psZciNF22fOCqiFqaWGqqKW11vgA7gHt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pe0r

Decoy

quickeasybites.com

idilecup.com

atelierdusalon.com

tigerking-safe.com

goinyourstrength.com

ssfgasia.com

halmanseger.com

hpcovn.com

thegodfatherricedealer.com

hzmsbg.com

trickswithwix.com

rbvctiu.com

spystoredevices.com

monlexiem.com

apt-forward.com

medsez.cloud

nanantz.com

kf350.com

ztvwgqjya.com

countingeverything.com

Targets

- Target
  
  RFQ_AP65425652_032421 urgentes,pdf.exe
- Size
  
  834KB
- MD5
  
  6324862ccd183522472fedbe3901d267
- SHA1
  
  46b1718671e662b34d903eb9acf2cc09ef893ff6
- SHA256
  
  1da66787bac6e2293792bf1f2d262c9d587b1fb63084ec6afff294b79c208014
- SHA512
  
  e69e3ef927121ba5c89270a2d7a1ce0f5b367ddac4fc7f3aecb32b47722083d3aa437995d7766f99138f172f30b628cc806f786b916a897bff3145db8c6943df
- SSDEEP
  
  24576:IehAesJPxtoGyiI7bMQVtbl1wm9YL44Mwv5N:IehAe0toGqbMQVtbl1wmuc4H
Score

10^/10

xloader pe0r discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2