xloader

General

Target

a9fca272884348ca9773935b5833407aced2d22cc1ec4c688ca6a82f93bb6444
Size

750KB
Sample

241121-zkl49sxnbx
MD5

98180c8c895f58458c942748375d5b61
SHA1

e3b9993871d24edcb1ffb25797e849ca3217329a
SHA256

a9fca272884348ca9773935b5833407aced2d22cc1ec4c688ca6a82f93bb6444
SHA512

80697a879abdf9f10928cba8bd7350d12d2274475e8d35ba8fce2ba77087d53734a36bee3200893c6e5c7ad60c1a79816f7375bc0461475fca57573c29da8ca2
SSDEEP

12288:eHs2/33gYsZx1Ga21x2cF5p7hPi6CfWD8qao2f+2EI/QCPI7Zs0rQtSVOnnXx0:eM2v8cGcpBvCfbqU+FeS7ZJ8ph0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nazb

Decoy

polypixelarmy.com

dppu56.com

prayrowan.com

favoredysxdmg.xyz

swichkickoff.com

suddennnnnnnnnnnn06.xyz

your-own-vpn.com

ban-click.com

digiblogofficial.com

frugaimoms.quest

longoriaamanda.com

moonelegant.com

americanpawnaz.com

riverflowmassage.com

theresnosomedayinbadass.com

sacredsolomon.com

mkperfumy.com

yavastudasuda.net

votewhosright.com

lovetoconnect.net

Targets

- Target
  
  05b1c93dc0267058d92151c0ebdd9d6facaa0ef863cf7aaa7bc5e5453c0e0d6f
- Size
  
  825KB
- MD5
  
  9fbef7ef7736524a4d70188cd5e13ecc
- SHA1
  
  4462f6643b9de71db404f0ce65b02e3f9c1321ee
- SHA256
  
  05b1c93dc0267058d92151c0ebdd9d6facaa0ef863cf7aaa7bc5e5453c0e0d6f
- SHA512
  
  41ec03df8ec1d25c84085e21b69f8a0b046ff81bca1468b49ccc5fcd720b223dee26440110ba8b10590bede72985ca09c53b633875e6189f151791334c4d7f97
- SSDEEP
  
  24576:wJLPK9FNsY9Pu7+2FJGDp46hHrrJAY1BWwO40w7yP95O:sLP6NsqKTGtRR2SBW3dw2P
Score

10^/10

xloader nazb discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2