xloader

General

Target

a822b0fae2a8fdaf62f37607c82fd7ed8350407092fe119b9f7b3afca97612b7
Size

1.1MB
Sample

241121-zjwx3ssjgj
MD5

bd9a31a02bdf12d7ebc911daf6d15491
SHA1

baccaf933a5f132b50a9c2d92108ce0e1822afa1
SHA256

a822b0fae2a8fdaf62f37607c82fd7ed8350407092fe119b9f7b3afca97612b7
SHA512

8646f9f71e634db7285e90ac3e2082ecd6b3cf87ebea8ba98bba26134f228c943ba8e607b62469e6b76b023dcd9157605a3b3880ccc9e9c1821ee1a1c3d4949a
SSDEEP

24576:sBlngwF1MFch0jnL1Np07d+XMiBlngwF1MFch0jnL1Np07d+XM9:WL1MGhcL1ImMcL1MGhcL1ImM9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m3ci

Decoy

424964.com

ocean-breath-retreat.com

icidedansdehors.art

wrochtthurl.quest

6455gfg.top

dgfipmailservice.online

banjofarmenica.com

dkcazin.com

jobs-fp.com

karens-kornerr.com

parmaesq.com

nuevochile.net

inputsquad.com

consultacedula-sep.digital

taogoubao.net

gimmesolar.com

bluelacedefense.com

grandagent.club

warqatalzawaj.com

getvirbelanow.com

Targets

- Target
  
  pipe & valve BOQ.exe
- Size
  
  946KB
- MD5
  
  3d6d52e92724d3263a059def176d723c
- SHA1
  
  855346c45d9999e16cfce314f0b7f9c603e442b5
- SHA256
  
  29217f28c065aea88d7d7faa350a69636974dc2c9955df8c14602978f304f47a
- SHA512
  
  d6a22067d317b183e42d1137ecbfdfae39d0c812f40a44e949d3e9caa7c86e1606db9537ad78e3d9001d8af9bab9b0b04dbcae630c2566b1d261b10b2b4af166
- SSDEEP
  
  12288:T1f1e3+FD+xlekccmbpJItaZP7XsLTNE6W3ORg2LYj7cLsLD+87KWO7Ss+poswcl:TLeOQzvwLsLTZg2Yj4AHTz
Score

10^/10

xloader m3ci discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2