xloader

General

Target

085e90b23a737568217705115a4766b9a0a42c8335337057f6bb9164db83c64d
Size

1.6MB
Sample

241122-jjwdjswqew
MD5

8674827506de9709f18f0958c3c347e2
SHA1

3a2f0b3d0f0c1bfd010b4ec218e4b486f9a78b3e
SHA256

085e90b23a737568217705115a4766b9a0a42c8335337057f6bb9164db83c64d
SHA512

bc2787d053ab0a5e4d57442c84c3ec0b3b3246900b5becd27a79767c23fc2aa294f8647c4df7da1df9a60ca4e8931716109f3000db2336167ef31d4736100f55
SSDEEP

24576:JFozo5ztlrUM4QgKtGoIay1vcrP0lPn1/0S+7n4SYtqChJ+hu3A8K/dwiGY1iQSQ:JwojljIKzIa+crceGP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

f4ut

Decoy

studiokventura.com

rmnslashes.com

oklahomapropertybuyersllc.com

pmfce.net

yingkuncy.com

theailearning.com

artistic1cleaning.com

shqinyue.com

dentaldunya.com

karatuhotel.com

renttoownhomephoenix.com

0087wt.com

hotelsearchkwnet.com

dentavangart.com

98700l.com

seattleproducecompany.com

magicparadigm.com

cunix88.com

vr646.com

calmonleiloes.com

Targets

- Target
  
  PAYMENT.exe
- Size
  
  1.1MB
- MD5
  
  d639a70d7bb8cd136bc920a15ac2a5fa
- SHA1
  
  4ca0f11ba335654fe8d7dfab478202eb3d90e337
- SHA256
  
  d3e580c4794a5e5e50f2334e3ecba635ed049952c30be08f283a72e299f64f8b
- SHA512
  
  9a5c45f99c7e02a6965f413c3df9ca6408c24e0bfb934595199a04f899ce4bb02cfd3288b845cf20dc664476a889dc32c5f7571f07acdac93aca3308a157759e
- SSDEEP
  
  24576:/Fozo5ztlrUM4QgKtGoIay1vcrP0lPn1/0S+7n4SYtqChJ+hu3A8K/dwiGY1iQSQ:/wojljIKzIa+crceGP
Score

10^/10

xloader f4ut discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2