xloader

General

Target

fe199d1facffb73a30b58fc5349e8ab26fe72532ebe7273c45bf6d18901363c1
Size

203KB
Sample

241121-zjvd9asjfq
MD5

e28c55f6a1f5c15865cdc8b12052f11e
SHA1

fb8884e642657a555290d35b19f27b3c57170ca3
SHA256

fe199d1facffb73a30b58fc5349e8ab26fe72532ebe7273c45bf6d18901363c1
SHA512

de458744d8519adcd8288282e075c8d7df4083696238d0bb798429aa32a82ac6b99f03639b43db3a2f1d2e33a204695bf91068d8e0eef1090401ed0f500bf5a6
SSDEEP

6144:HpY9WprmnrXAmymZV7jLftmvxRFDnHDyrmhxZbT:hrmnLAmyCb8bu8Z3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pb93

Decoy

covidlawyersnj.com

zhgxzdh.com

mydomainaccounts.com

uniq.plus

snehapoorvam.com

anj-tradingltd.com

orderinglogin.com

1660688.com

cazconstructionservices.com

yildizwestern.com

futchampionz.com

starbritesmiles.com

viralxch.com

bandmanwiththeheadband.com

teachertechia.net

provenfitness.club

regentpublicity.net

meghaminz.com

mysuperdrink.com

redtomatoes.club

Targets

- Target
  
  d3e3e74ae005ecdf559e792e9c26c1b5e26493f85ec256bb98c544b418fa7475
- Size
  
  214KB
- MD5
  
  7fcf8cbc72fdf0ad1998b9a3c3e1c5ed
- SHA1
  
  f8646738017c782bfc3922fac667098f0e5f6e5d
- SHA256
  
  d3e3e74ae005ecdf559e792e9c26c1b5e26493f85ec256bb98c544b418fa7475
- SHA512
  
  0c737d21b75639381f2c5f276453ad16c82b9687b215d371887d41a7385a97362c5922f40eca0b89029c5be7a87f5e24344d407612f5ca7f29e57b1049599912
- SSDEEP
  
  3072:8Lk395hYXJvMCpUkrbzkCL5ChqqBRWgLSR+Bw0MV3uK6OfBsW9XM1IeZ9Mm+qpCg:8Qq++PqXWgLSR4eBKdZv+zLHQp
Score

10^/10

xloader pb93 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4