xloader

General

Target

afeea59062ce30f81f568619f51d7c2f51e2b04e8ad9a0ce08aec97c8de62ed2
Size

542KB
Sample

241121-zrnaxasdpd
MD5

aeab1710fcd895cb4f60e510aed3a8db
SHA1

06c494898969053a5887b99a37fcb96a8964e3a9
SHA256

afeea59062ce30f81f568619f51d7c2f51e2b04e8ad9a0ce08aec97c8de62ed2
SHA512

fbb7331b78e29f9ebcc18f6fc2b8dab6067a974286670af65486fc53a1fa80f8e0eb919aae042da7ea429abdd887512acbd00637c74d874dda75b33c82fb5c0d
SSDEEP

12288:0c3C0Fa1VvoRc03xdV+Uf+2TtSglEQPscXqtCiqnX7eVl4:lSAz3xdvjkQPscaureVO

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

sgs8

Decoy

epptexportools.com

theweddingofshadiandmike.com

588movie.com

deannahayko.com

smithkenney.com

mogurin-blog.com

heffner.host

nflflex.com

tshirtcustomdesign.com

livingwithinstinct.com

hanbangvu.com

5starsct.com

jystainlesscoil.com

lechazosdeliebana.com

northeastcampervans.com

halloweeneventsinmiami.com

wellnesswithshami.net

mklaboratories.com

oilepp.club

ravexim3.com

Targets

- Target
  
  26e9a6c6cd87bd362de79a9557f2b08aa030a80cb9a182e709cba046b9c8a98a
- Size
  
  799KB
- MD5
  
  518c618f22b1b55ad13a3a2f83792bf4
- SHA1
  
  8d462ed03ff861ee56d1229f4b128dd429da5aa2
- SHA256
  
  26e9a6c6cd87bd362de79a9557f2b08aa030a80cb9a182e709cba046b9c8a98a
- SHA512
  
  84e01702aa1b54b1703fefb6b6634b29627b293e0f3a0207524fca3a4a2f10efa5b71aaebfb72337b31633aaa27d7a5024ce1a74a8426ba1f61547080836ca85
- SSDEEP
  
  12288:kJp5oqRasUrtUtIevx0fpTDCvTbmqaubHnz4BK0hq2ueuHVdleJ3Lfg+bc0iid6E:2Rvbt5Z0fpOugu42Z6N
Score

10^/10

xloader sgs8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2