xloader

General

Target

f2f40e8c544ecdd742f81f943942802c4260f225cc6a998dcafe93c5d13d26a3
Size

1.3MB
Sample

241121-zhv96asjcr
MD5

15586f8251c4f3049dd5dda1bd53163c
SHA1

57484b6b78015c44df10b6680f347c453613b51f
SHA256

f2f40e8c544ecdd742f81f943942802c4260f225cc6a998dcafe93c5d13d26a3
SHA512

24be7993ceccfda4f2f51a74e344790fbea6067e7843165c95f01211f4b90db5fdb40b81fb0cbb73a3a862bac6603e73eb2ea88b0e3fe2e033cc21f27bd279e2
SSDEEP

24576:1bBYGjrcyXaVtGiGL07KLKVgJiewnVHxm+HXfUgJ05UyF5Ld4c2i7LL+DgdZc:Hjrc4aVQr4GLKVgJiewnxxmgvUgu5Uyz

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

o8ba

Decoy

bestsexnews1time-gfe-gf.photos

uni-lyte.com

astrokalyanidevi.com

advantagesmm.com

dglljy.com

neesoigne.com

thethai.net

davis.finance

perkthepfukup.com

mystanleydistrictcondos.com

ozelrenkis.xyz

consorciojuridicovis.com

hobby1click.com

saylordecor.com

appocblog.com

ronyinne.com

lokicms.com

currencyrates.today

5993899.com

kearneyconveniences.com

Targets

- Target
  
  f2f40e8c544ecdd742f81f943942802c4260f225cc6a998dcafe93c5d13d26a3
- Size
  
  1.3MB
- MD5
  
  15586f8251c4f3049dd5dda1bd53163c
- SHA1
  
  57484b6b78015c44df10b6680f347c453613b51f
- SHA256
  
  f2f40e8c544ecdd742f81f943942802c4260f225cc6a998dcafe93c5d13d26a3
- SHA512
  
  24be7993ceccfda4f2f51a74e344790fbea6067e7843165c95f01211f4b90db5fdb40b81fb0cbb73a3a862bac6603e73eb2ea88b0e3fe2e033cc21f27bd279e2
- SSDEEP
  
  24576:1bBYGjrcyXaVtGiGL07KLKVgJiewnVHxm+HXfUgJ05UyF5Ld4c2i7LL+DgdZc:Hjrc4aVQr4GLKVgJiewnxxmgvUgu5Uyz
Score

10^/10

xloader o8ba discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2