xloader

General

Target

7ddfdaeede228d26fdcb95ba82efd2f3aed707330b9bc9e926c5728d6773a444
Size

191KB
Sample

241121-zkwzgaxnbz
MD5

bd11556a0c70ae6da78920e258a61255
SHA1

5ecbb94f0fe2a4c63444cca3b031688fa51eb140
SHA256

7ddfdaeede228d26fdcb95ba82efd2f3aed707330b9bc9e926c5728d6773a444
SHA512

cb39895de7e05f6e872c5c12096ba6c84047e007b7febf16d513acba0d7e335377017e578764cb6d984dc9f29ba8692483f19250707e884a1c93c26aeb3a4599
SSDEEP

3072:a1jhLsV7CsRIcXcqB8NSLZjlAqmpT1BhQOlKEh60Hc9gD0psCYSA6321n9x7DtLZ:a1dy7h2cMtN6ZxaaE4tOSAZx7DtLaj2T

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

oean

Decoy

kallitheasolutions.com

k-kard.com

mattvasilevski.com

gralg.com

lpbbxsfwwp.xyz

sahinligrup.com

forestgreens.club

qianduoduo.ink

futbolzone.site

rulesofvegas.com

theternarygroup.com

basenic.club

profitcenterresearch.com

cottonwoodcollection.com

chicagosecuritygates.com

hochfranken-feuilleton.com

carpetilo.com

adapt-2-nature.com

shasyaveda.com

altinovahotel.com

Targets

- Target
  
  EPDA MV.Sweet Lady.lll_pdf.exe
- Size
  
  205KB
- MD5
  
  a89f3213f565db4ec7d6daa25ccf5bb5
- SHA1
  
  8764eccfa6c1689d8cfe90a652becce02ad94692
- SHA256
  
  0bc4d1e45ab93d84a42b64fc2d0514440e13dc7afbed98e51e38f1d5d5229844
- SHA512
  
  405cc3880b2eafc91f5cf06175b21de2f4d9b534db7dcc7f42325891d1573cde6b80646e72ddcbd7366610a5cb1bc2000f3de524b667310b7fb03d42167f29dd
- SSDEEP
  
  6144:r9X0GfXLULFwWCnObVvM7FroK5W9JuqJ4d:F0qX45sObyloK5WXTOd
Score

10^/10

xloader oean discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  3bp6xookqs5b.dll
- Size
  
  11KB
- MD5
  
  ee224cf89c92d8b8d08cbd9dc183e6a7
- SHA1
  
  8ab4416951d706730fdcf9422ac39a7308bd3443
- SHA256
  
  bd5ba137ea2f0162b1baaa6483f5f8d56a3327818c0c96a2b04842638625a8f3
- SHA512
  
  261a568b8b3ee4a3b8fef2dd99889495ef91c05a1e593c23d36ebb495872e6623f8be20630a52126dbde8720aabd24f047b3cc654f744afe9310a4da01702005
- SSDEEP
  
  96:P+TPj0ToB99zhvmNHcZSEdShtRrs2fagG6/L/fPPmNH/u64ja5I3tI+gjG3mRtxx:uPS+9zhO1ChYhHrHaov+pn4mOtIq4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  c0qit2o.exe
- Size
  
  3KB
- MD5
  
  2632c0058c899f8a94077b5abab7cc96
- SHA1
  
  2b2e620c7964d27828f903ebe4cf9359390a5f06
- SHA256
  
  10241509299a29e8bd8c016b7ede6703a00915f65ae5165268f58bae93cdf37e
- SHA512
  
  a662a4ff0bfe8fafd3216ec98930a9805b8771d05fb803d3d9a9a99ce04e145ae60bcc4ed63574c712994e6aec90f03a1900a64e6a0021d010b0f016913d801e
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6