xloader

General

Target

d11157127ca73bb49219fa583b7166c7d20eb0cdb7e48d122c322364b7d900a7
Size

305KB
Sample

241121-zpmatssdmd
MD5

46854a5f434a84a7b6156fe359a9d268
SHA1

b04b843d41738825fa9831d9bb4bb262499d0db9
SHA256

d11157127ca73bb49219fa583b7166c7d20eb0cdb7e48d122c322364b7d900a7
SHA512

a0abba2ffc634cbfc27e7553edd27dedde1b3c88e7eabea444a4431247cc8ff05933fdeb70f4d364b3b9f2d1a4bd855b2f3f4032f190f4da73b3609f711e6d0c
SSDEEP

6144:7qXQNDgnR4MwWz17JuHjWuuMTBgg6LLkr7cgbEMT3f80mipdWO+:eLR4MwW17KW9MVIWBLf8pMdC

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fsgg

Decoy

0520ks.com

cimeza-africa.com

eth.download

malcolmdawson.com

deleaderainfluenceur.com

goodwinutotint.com

eyehealthtnpasumo1.xyz

ban-click.com

whf5.xyz

ambatika.com

awaisqarni.com

reduziert.xyz

quearsvone.xyz

mundohightech.com

radonpay.com

dmgsouthgateway.com

discountbeautysupply4u.com

hackworthcenter.com

sofobw.com

virepost.com

Targets

- Target
  
  5f8d69976e4d3c9b6508cd376dcab4971a605d8d1122952ad604f7b48d2ef1e1
- Size
  
  315KB
- MD5
  
  d51f1d0cfd3d340217a10563e26b874b
- SHA1
  
  7a0208d13ecf6943af12a9f49b1f66b10d3ebeda
- SHA256
  
  5f8d69976e4d3c9b6508cd376dcab4971a605d8d1122952ad604f7b48d2ef1e1
- SHA512
  
  53a440e7b2d450c15fc340a79f586c7d6021ddd3adffe8af9ec9cd54b301749abfd10184d784cd2dea6a0595576cbe7526d4c7de838f2c183c297e90285e7f77
- SSDEEP
  
  6144:TxDZ+uY3Vi2Ad8nC3aXrPvT0b663EFC7TY6aU3DaQuwgTNN1rxf:z/acTdf3E5dUvYjU3uLw+rN
Score

10^/10

xloader fsgg discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  kyggpnadk.exe
- Size
  
  168KB
- MD5
  
  5258ea17d00705e2accee3c63e21d7ab
- SHA1
  
  ae2d56d597d50bda9dadca39cd71b8488a28682c
- SHA256
  
  8e9b30213dcab171d3e65d0da99e4a847da5cba6fc47f3641d90e8d6e70637b6
- SHA512
  
  30c68b68b4caa22747bc8312fad4089d5d45e10565f03718d8ce4fdf9d5b53f8e60a9d5ca73fec521437ccf63eb902cc9a5534cafe1ffff7658810e438747e8e
- SSDEEP
  
  3072:fc4Horf5X/n8eXZHTFGAfU7VKXHGHggYRdDUbfZm:f3y1/n8YpDCVKXHGAh
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4