xloader

General

Target

c7e8dc0d874686bc3b1b7cd9e1bfb68b84a715589fd55a51b708a3aa3b484586
Size

386KB
Sample

241121-zjnlpssjfm
MD5

a7e948f7658ba5a1aa796d12117eff27
SHA1

7e85400e52d214b8e5fce0f56261a0a3a1a6de2c
SHA256

c7e8dc0d874686bc3b1b7cd9e1bfb68b84a715589fd55a51b708a3aa3b484586
SHA512

fcd204c88c83b84862dde4e42009a5c3ee84cc66d9b07fe8051cbc3024a113a4727e688ca9c905afebe878f5516e04a58f87c4d2ce54d78bde6bf839ceac015c
SSDEEP

6144:pd8JIQlAeoFls98ItZqiDVlFjw8uUircI6qxKR6mCMetNl+/eAWmOH6kluPbh:pdgIkABE5tciB3Ygj3CMAz9bxud

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fo8q

Decoy

idesignbymadelinefl.com

finleygoods.com

hfxyyq.com

jjhh9656.com

superstarcoding.com

synergybridges.com

fantom.art

zebramovie.com

keephimmine.com

cmbego.com

shreegurudattaenterprises.com

appcoinsupport.services

roysecitystorage.com

gentlemensstories.com

hubinternationalinnovation.com

letscleartheairnow.com

strueyouneedto.space

schoolofsevens.com

cannaonline.net

slimmersite.com

Targets

- Target
  
  INV#94049.exe
- Size
  
  624KB
- MD5
  
  11b99a9ebfbd6815ea25e451aaadb5c2
- SHA1
  
  300ebe536afb18ab95386c59b569da3a3ac39bfa
- SHA256
  
  79f465b8846c4bd2865defb9a608d2ca089f94352abd3c765558f6ecfcbd5555
- SHA512
  
  433152236bbbc7267c9ad3abdb577dda11007f866d690361cecd8d55d24f3f88ca0635fa11f0ac498b4ed81ddd032864de10d89383fa53a6d6cf16c89636acf5
- SSDEEP
  
  12288:l3H2iNLBD7hYI1o4rb8t5S3PRgkFOi6b0:ZH1/eqbo
Score

10^/10

xloader fo8q discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2