xloader

General

Target

4980d00b7b7d4f2273ee538213f59414133261609b20b63b716a0216238a3c26.exe
Size

334KB
Sample

241122-xryqjawpdz
MD5

1a7a45e429828144ba301aa570232bd1
SHA1

1b770df12618f6d521d05053f6f6e2a31abb2eeb
SHA256

4980d00b7b7d4f2273ee538213f59414133261609b20b63b716a0216238a3c26
SHA512

972734c0304044ac91f6bcc81934a3a13ad8dda41be2a9e61b7db30d9756e6867865bc49d343280bd240dd09f3ca201e81bac6a5c4f3ceeed1b5d887ea65fbd9
SSDEEP

6144:VBlL/kE286EZd6JrL/TMo1HjvHuFgDJI8mpVObrdtGf7Ypk0TwjenBRN:D6E2864eM7YI8frdtGfEpkOwjkT

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u3ja

Decoy

emiratescomm.net

whattodotenerife.com

bspq-jlcd.com

torobesttanker.info

projectcentered.com

agglog.com

francesbypoppy.com

lakenormanpilates.net

chaseatms.com

bendarlingart.com

blogjust.xyz

wodeluzhou.com

p6ynwcxrxetb.biz

servpix.com

eddysearthmoving.com

rvafootcarenurses.com

contessa.store

jasonconcerttickets.com

umldbe.xyz

noroesteremotos.online

Targets

- Target
  
  4980d00b7b7d4f2273ee538213f59414133261609b20b63b716a0216238a3c26.exe
- Size
  
  334KB
- MD5
  
  1a7a45e429828144ba301aa570232bd1
- SHA1
  
  1b770df12618f6d521d05053f6f6e2a31abb2eeb
- SHA256
  
  4980d00b7b7d4f2273ee538213f59414133261609b20b63b716a0216238a3c26
- SHA512
  
  972734c0304044ac91f6bcc81934a3a13ad8dda41be2a9e61b7db30d9756e6867865bc49d343280bd240dd09f3ca201e81bac6a5c4f3ceeed1b5d887ea65fbd9
- SSDEEP
  
  6144:VBlL/kE286EZd6JrL/TMo1HjvHuFgDJI8mpVObrdtGf7Ypk0TwjenBRN:D6E2864eM7YI8frdtGfEpkOwjkT
Score

10^/10

xloader u3ja discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/hibvy.dll
- Size
  
  47KB
- MD5
  
  9381e2c18571e30359ade2d7f7b4c924
- SHA1
  
  e461e74f442f2539b9a6064b078f4bcc51829bdf
- SHA256
  
  ca8b8880222f1ebd8b4840c22b429a680fe93957effc1bc02817322229713f68
- SHA512
  
  21ca9702c8c3d04aeea5f0e8799503295883b02c26eb8f21f9eee8b07d1c67280be8d08e9c6f24c883ed6cef61bbd4c21bb9c0ceba4adefa57e77bb350ed9c52
- SSDEEP
  
  768:y975Ow3AxjNV1Qv0Sl3cHle0vzdKNnhx9YfVoltso9rxKGSQd9qKOb:y977mjNV100gWemz4dhTYfVoltso9rxO
Score

10^/10

xloader u3ja discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4