xloader

General

Target

34040e82cb289b62c022c3e84bb2c3185150e661225aa9f378fb77279c70bb8e
Size

244KB
Sample

241121-zjs67axmhv
MD5

81631a28a65e152013310e044bb9042f
SHA1

19fad9dee7f80b8ec4a25fe3139428d50b45e0d0
SHA256

34040e82cb289b62c022c3e84bb2c3185150e661225aa9f378fb77279c70bb8e
SHA512

8a56b8874eba8c6cb44dc024ee0c3c95d2791621c49079502785a9f98500561951e1f15efce27edce481ff9a60b901eadf12c6a126b89ea79811e8250bb7d71f
SSDEEP

6144:ZjKAj+HF+xyJc/zF2RYpf7nHDc/XYw1LpJgFl:ZjKSPqc/zF/RHDc/X7t/gL

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

r95e

Decoy

mindyourbusinesscoin.com

melandri.club

13011196.com

bespinpoker.com

ohchainpodklo.xyz

paolacapitanio.com

hnczppjs.com

healthygold-carefit.club

drive16pay.art

5foldmastermind.com

especialistasorteios.online

cjcveterotqze.com

originaldigitalspaces.com

21lawsofconfidence.com

uscryptomininglaws.com

nilist.xyz

bergstromgreenholt.icu

dumbasslures.com

companieus.com

2gtfy0.com

Targets

- Target
  
  DN 0098667.exe
- Size
  
  257KB
- MD5
  
  cbc03b03f2b8626ec8f8fbcf7382df94
- SHA1
  
  ac570be606cddbe2ff862555e0b28a368f84df9b
- SHA256
  
  c8bc547a806fa169df7de512393fa0955c262d808a84758c6fafd5b9f30c8193
- SHA512
  
  5f55afeea21db580d010663bd29bbf57767d5af804adb1b44c879ee4a4d473992efeacb7bf887e1f1ab703a6497f5384ea2c391f2e1653ceb59d3232a8fb9819
- SSDEEP
  
  6144:Z8LxBaMfdkQ+JncfjmSxaF58LjaYpf7xHDc/XYw3LpQgF9:NM9+JnSxNP7fHDc/X77Kgf
Score

10^/10

xloader r95e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/tktzsan.dll
- Size
  
  20KB
- MD5
  
  3d4fc93b0e82d14dc45f93d7c280faa9
- SHA1
  
  4e472ee4f91cd88b7fbc66e2d042bd84783dc889
- SHA256
  
  4e177339740363323d54016a8b60a135a58d5c1593aa76115acc38e9c7eb10a8
- SHA512
  
  1eeac5f1f8e87bab84b1048f25f387cebd74d253501ff54a4352074b907e0759ccaedc476013c65ceac4a5206c13b9db72c6d2b81451d4d694ac0eb5bca33e6d
- SSDEEP
  
  384:fON4md7V4mnY1FnF2f/oTOuEjkZX4FkvYxzk7RJQogdGkYJdxzkyzs+5+ka7t3aD:ZmAmniFnF2fASuYkZOkvmzk7RJQogdP
Score

10^/10

xloader r95e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4