xloader

General

Target

2e9e849287f292db9064f54e6888184007170ca99e0b098f3d5a2c725d22fb25
Size

471KB
Sample

241122-jjncyaspbq
MD5

66ee24ac2a3a5eeab7a47e355d7aea55
SHA1

3fcc3407d84b5264c0103ef2074f6e885f87cbae
SHA256

2e9e849287f292db9064f54e6888184007170ca99e0b098f3d5a2c725d22fb25
SHA512

644602523ee224b3eb5bf97d4f4fe9a5fd5fb9d0797fd14ecd31abeacd0208e9ba4db4741c394fd92357927baaba8c3301fb96835cbbf0964e0449a03c926122
SSDEEP

12288:pQwKrrms1qL2VsYI0Mwr6VwKy+ZC9RblhZeRToX1eb8lFG2:CrrmsAL2VsOMwr6q+ZWbHZeJokb8lFG2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

riho

Decoy

surfcitydawg.com

pwuq9t.com

prefectfxtrader.com

369xy.com

bjhygj888.com

cabinetfuid.com

houstondynamics.net

bertiebots.com

taboohospitality.com

fearlessthread.com

loropiana-store.online

growthventuresinc.net

artairazur.xyz

tvframesdisply.com

flammifer.biz

gtnetpro.com

b3sportaintment.com

housing-staff.net

superdelicioso.com

14mpt.xyz

Targets

- Target
  
  3bed8547e488c397699d515cd97c222b482c302f4ba17a70980db6f0788dc2fe.bin
- Size
  
  516KB
- MD5
  
  661809856945e7e1f90978e165e08fed
- SHA1
  
  58bafd5fee279f6e7f2c72971b53bd16f8333693
- SHA256
  
  3bed8547e488c397699d515cd97c222b482c302f4ba17a70980db6f0788dc2fe
- SHA512
  
  0fa6ebf4f1ac67b266ffc5fce812f825c21302d15c1fa886a9a7cc6d225e0dec41482f427c05b59ca3a880ececfd999fe8853f9ad5645e4b1c6c424ffc218549
- SSDEEP
  
  12288:zMJSBpWgQ494NOg0P12c5odVAVibMFFOpuP4rjMp4dLN314qXZ:zDBUgn94NOQ8odVKibJp0LohFPZ
Score

10^/10

xloader riho discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2