xloader

General

Target

5a478e7020da594158f18e86d189b66105c96fe03cb8362295a154b8689ffe3c
Size

628KB
Sample

241121-zhtfkasjcq
MD5

520527c2349c904d2fb4ce6ddc9518fd
SHA1

782cf63ce735616343d5678540383fe8d626c9d3
SHA256

5a478e7020da594158f18e86d189b66105c96fe03cb8362295a154b8689ffe3c
SHA512

11c711da92f031506f740a62518556f7ea8d0a4b28e6087be4d9293eb19840cbc680899ba8a7693b173c69c3c3097fda7f8cb16ba691a5478551542e174ea5d0
SSDEEP

12288:YkvLBXULkiY9UlsuEEJ2SlkcNqKNJr3XDozaXNpLb+S6D5Lxp7ydfNvMH7yO+:YkvLuiFEJ2SnNqKNJrHkza3+S6VidfxZ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

udew

Decoy

danieleawilliams.com

miladjalilian.com

hzmila.com

elecreator.com

instrep.com

4tongzhi.com

sltreeserv.com

expressrev.com

dataresearchcenter.com

filmblingalley.com

3buagency.com

hxjh888.com

gotmetwistedcomb.com

vihco.com

scg.solutions

drcvkm.com

frostresorts.com

gintech.co.uk

luxury-holding.com

roupasdobras.com

Targets

- Target
  
  Payment.exe
- Size
  
  1.0MB
- MD5
  
  91706d95a9aafe3c99f742e6d476fd66
- SHA1
  
  2b69023fcd198efe36909ae031726a02966c30a8
- SHA256
  
  4c5ba895d47529032c749f81ae5f8ffba7fab5493a2bd33f699c0d05aabfa080
- SHA512
  
  0f85a0ee382f0dfd02da27e52a0e4431da723aa99df88c8d78b92c0bc104c1282dd19841216bbd5b264df6120ec490e090bd5b7fbdb093a6a6fc153db510f23d
- SSDEEP
  
  12288:F7Dc9F3nC0Py3gAhPEJbjJEKFWxqG1ICxlLokn9z5ab2NJO92dJBfOjpkUhXRxOT:OY9jlLokn9z5dg2L0GUhHl1OMayg
Score

10^/10

xloader udew discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2