xloader

General

Target

2431bcfeeed375246aa9b2e9a42868f57ccb0517bea50b9c9ddcc4ff8e3c75a1
Size

326KB
Sample

241121-zkmqssxnby
MD5

f74d373a1ae45e6b8a87c6ef10675223
SHA1

30c7e8a73bbc4a7897e203b5798b6bec6c642a7b
SHA256

2431bcfeeed375246aa9b2e9a42868f57ccb0517bea50b9c9ddcc4ff8e3c75a1
SHA512

2ffcf377ba7b7bd3eed46867578cca2397111beb8adda2c893e567922794806d32ede14cb86f0e3b9110b040acf07dd0567f924478074a77d0bb43cd708d93f9
SSDEEP

6144:jaKOJqfDlb3PodeJ8gX5jMAzraI5gG5CJbgjSy7EnXAZI:jksV3PoQ2s5jM+GI5gG5UISlXAZI

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ssac

Decoy

beautybybrin.com

oregemo.com

prospectoriq.com

blazermid.com

cloudnineloans.com

myyntisofta.com

filoupoils.com

web-solutiontnpasumo3.xyz

becbares.com

lines-hikkoshi.com

ohayouwww.com

writingdadsobituarywithdad.com

bridalbaes.com

jamshir.com

rangertots.com

dankbrobeans.com

titan111.com

uplearns.info

maxicashprokil.xyz

evc24.com

Targets

- Target
  
  PO1922.exe
- Size
  
  436KB
- MD5
  
  4206075224453d62fdff5aa5c32e392b
- SHA1
  
  5d862e2e94f2d83d1594d21fd4f73d96a192a2f0
- SHA256
  
  c804865a31c4ece9c6dbf12a13593c3402f04618477746eff72709c5dc5d3ebf
- SHA512
  
  7c048a79159f82fe3295a92f471dd8c8f01f8ea099bf1c8f53d0335f150579fb102baeb0df9c4c96a15af57f40cc11406a47d14de3975e3a1be605c572889062
- SSDEEP
  
  6144:fwtwbmreTCxk0rd6Nz5iKk2CGE+qMew4cfhF+jhEKdwL4ZfRzvULe:gYmi2dvN2CGE+AMFkh56L4ZSe
Score

10^/10

xloader ssac discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/hahe.dll
- Size
  
  19KB
- MD5
  
  c2011862c7102ab56ad2b1d8bd68d39b
- SHA1
  
  92bd5b2ed09c6c291732a5de851863410e97dd7d
- SHA256
  
  441abd6663c6823e8ac2c1facfa6bd147e28504c43dee969376ec6cfceb898d3
- SHA512
  
  c9971837b6b420ae4d72f265b118cce6667116d3d00c5731856708ae8b7c93070fafd34a62bcef0890014cefd115a5ef6d92f380735fac415b1a129c256187fd
- SSDEEP
  
  384:7XKkht2za/ke5vkgNEIp5xTkEb0sckt64w1Ka9eC8ll:7XK0t2L2xAEooBBJr
Score

10^/10

xloader ssac discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4