xloader

General

Target

f085f3f2bd1fe6da4eaeafdfc35a1a0e31d861dcabd6e686d224d50dabff8b8e.exe
Size

438KB
Sample

241122-hqya2swlbw
MD5

cb11ccb42aab6300427ddec224524e14
SHA1

436d8c5761238a5e82f5332b192318b80e971300
SHA256

f085f3f2bd1fe6da4eaeafdfc35a1a0e31d861dcabd6e686d224d50dabff8b8e
SHA512

6cb35dd8eef7b85c0105b8f3ba7fe7d774c520384658c753685ea0fbafe6396a0030a3b8f4dcaec6e33e66927f6138af850a887a2809008ffd78c625b308bfaa
SSDEEP

12288:SdeLnIVvjGGAFviNzSkyDK1gqVW9qMX4sH:PsVgOzQ+W9qK4sH

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

riho

Decoy

surfcitydawg.com

pwuq9t.com

prefectfxtrader.com

369xy.com

bjhygj888.com

cabinetfuid.com

houstondynamics.net

bertiebots.com

taboohospitality.com

fearlessthread.com

loropiana-store.online

growthventuresinc.net

artairazur.xyz

tvframesdisply.com

flammifer.biz

gtnetpro.com

b3sportaintment.com

housing-staff.net

superdelicioso.com

14mpt.xyz

Targets

- Target
  
  f085f3f2bd1fe6da4eaeafdfc35a1a0e31d861dcabd6e686d224d50dabff8b8e.exe
- Size
  
  438KB
- MD5
  
  cb11ccb42aab6300427ddec224524e14
- SHA1
  
  436d8c5761238a5e82f5332b192318b80e971300
- SHA256
  
  f085f3f2bd1fe6da4eaeafdfc35a1a0e31d861dcabd6e686d224d50dabff8b8e
- SHA512
  
  6cb35dd8eef7b85c0105b8f3ba7fe7d774c520384658c753685ea0fbafe6396a0030a3b8f4dcaec6e33e66927f6138af850a887a2809008ffd78c625b308bfaa
- SSDEEP
  
  12288:SdeLnIVvjGGAFviNzSkyDK1gqVW9qMX4sH:PsVgOzQ+W9qK4sH
Score

10^/10

xloader riho discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2