xloader

General

Target

cfbd31c637b07ad4eb5dacd7def13210fd67cd05c112d7094f888e6508c8b88a
Size

1.0MB
Sample

241122-jjpwrswqd1
MD5

14df1e424aa234dd2deb2e2557d4b0cb
SHA1

03e5f1977ef0fbe6ed54ea62eb9ba075fcf3f273
SHA256

cfbd31c637b07ad4eb5dacd7def13210fd67cd05c112d7094f888e6508c8b88a
SHA512

7270241ee263d1d366119bdad0ef07d4e41dde83cbd16a0725040c64b9a22c61e1a5d4a56f4da18184b615985a340251696e95cdea819b578d86f2565db124fc
SSDEEP

24576:2XUlEy8shmc2M1ZY6apy/Gpts7+D/bkeNK7ZDVObtVN:2Xst8skMI6j/GptY+f0583

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cg8q

Decoy

postmaniac.com

pordges.com

fritzsislandcampground.com

cekenlerticaret.com

karian.one

pubgcrafter.com

yeyasdeliciasmexicanas.com

replicraft.net

medlylab.com

matkubaj.com

albertsuckow.com

zhizhengsf.com

syntaxpath.com

bridgeparktennis.online

mindpregnancy.com

retirewithmj.biz

weenatter.com

salontafel.online

duinsnowk.quest

raapmanagement.com

Targets

- Target
  
  Machineliste.exe
- Size
  
  1.3MB
- MD5
  
  5d81c58e9801b350c446bdd2575515f2
- SHA1
  
  e29e28781226c5d84b760fdc2cc57eaed8c5d6e3
- SHA256
  
  8bb6c5fd879114abac0f9f5812355de6974d0e02305b6dbfb57e72f90e0803a0
- SHA512
  
  1f0bd5464849217bae5c86c067f9e0cd7bb465752cf435fa4c00717be1c6251429c4eeee4706c9218b74af0c3c62350e352a03c4de93c85e7aca99013aebb78a
- SSDEEP
  
  12288:JMI4B31DdmhX2akBSgXxpmFT531tHaJiKx2iNPG9TXBxlm+LtKu1CMJR3zA5d0yt:2J71Y9TXBv3QuQcO5dzrulpu48YKE1q
Score

10^/10

xloader cg8q discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2