xloader

General

Target

a393c1efa272e8ce5a92d9777da61fb53bd1ddea87510f44e2b043912e97a866
Size

227KB
Sample

241122-jh96baspaq
MD5

558ecfc8133828499141d833fc209374
SHA1

dd2542b9808db793284262195a951b4fdb17f789
SHA256

a393c1efa272e8ce5a92d9777da61fb53bd1ddea87510f44e2b043912e97a866
SHA512

49491cce370320e3fe822b2089ba345caf44ba0e3b01d5ae8a89ba486f06865402cf6eec0de9902f70355ebeed75c68a4914ccf614efd1379b3058e6d475284d
SSDEEP

6144:MMKvLGV4Dq5dR1LC4bri1CodA8cDN+Tt2BNZGrsWPyaS:IGV4DqhFb8CiC+Tt2BNZisQtS

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nu8e

Decoy

joansmoviereviews.com

tronicsbuyer.com

test-amqatest-27-08-2020.com

localwebsurvey.email

toptierschools.com

exoticfilipina.com

iregentos.info

ic500500.com

z3255vsrwqstudio.club

dacabionline.com

innov-learners.com

redwardenstudios.com

payprscn.com

hannahmadeya.com

acandenizhukuk.com

alhaddarnewse.com

aestheticsbrazil.com

amandamcmahon.net

naughtykittyllc.com

germantoolbox.com

Targets

- Target
  
  样本目录 2020_pdf.exe
- Size
  
  245KB
- MD5
  
  d4a74696a8037005cdeb0afa11518a60
- SHA1
  
  cfedd27d891c0aa333f1cd65466527a59983b98a
- SHA256
  
  1b38b1f27ad4594b760fc65c0a898408dc9b586c90f97670c3a40d7dbe837795
- SHA512
  
  6284ae648ac8bfd8fbaae5ee1f24fc5c5ddad87f1ab6596a07487559d499bec338f3171a5eba70858e508916cefeee72a0a523bf3407cd95e414902b991181a0
- SSDEEP
  
  6144:kqKdjfLq5IGpXQgRdEypXmO5PZMFZ1fbnETB9ms5:lIGpXQgRdzmePZedbETl
Score

10^/10

xloader nu8e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2