xloader

General

Target

73d8883e0c48b932a6bcb66795f03b50942be0d56e2e502743b14e11db961fa9N.exe
Size

192KB
Sample

241128-2rth2ayrhn
MD5

2a88d8c910326d95e008aa92c13929e0
SHA1

bed76d661c462730d20c7b249b5827b6128af4d0
SHA256

73d8883e0c48b932a6bcb66795f03b50942be0d56e2e502743b14e11db961fa9
SHA512

69b40e600415b5be73f8fed30c8ec03ff424c1a6e2cc5170f4ab58f1fa4e3270aea96e83167928452568df1e215e4585337b757b299aadf505242c1cc7e4390b
SSDEEP

6144:GNeZmUgf4BuF1ZOif+9mhTjbUgttnj6taxzv:GNlUoyIL9Z3UQnj6gv

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

3e9r

Decoy

143411.com

300dh.xyz

win-chance.info

essentialsofbeauty.com

skategrindingwheels.com

jyqtgg.com

exodijuis.com

goodwinpuppies.com

doitlive.online

hello-orchid.com

shangjibbs.com

innovarecic.com

fococomunicacaovisuales.com

completemarine.care

parodistluxuryroll.com

anda568.com

unicorm.digital

weaveapp.xyz

artractions.com

app-ads-network.com

Targets

- Target
  
  73d8883e0c48b932a6bcb66795f03b50942be0d56e2e502743b14e11db961fa9N.exe
- Size
  
  192KB
- MD5
  
  2a88d8c910326d95e008aa92c13929e0
- SHA1
  
  bed76d661c462730d20c7b249b5827b6128af4d0
- SHA256
  
  73d8883e0c48b932a6bcb66795f03b50942be0d56e2e502743b14e11db961fa9
- SHA512
  
  69b40e600415b5be73f8fed30c8ec03ff424c1a6e2cc5170f4ab58f1fa4e3270aea96e83167928452568df1e215e4585337b757b299aadf505242c1cc7e4390b
- SSDEEP
  
  6144:GNeZmUgf4BuF1ZOif+9mhTjbUgttnj6taxzv:GNlUoyIL9Z3UQnj6gv
Score

10^/10

xloader 3e9r discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  sjirvufszz.exe
- Size
  
  4KB
- MD5
  
  babae7abb31dcd1f94e811c758fdd33e
- SHA1
  
  0304a302eeff58291ab8f0f665059c2e422cb4da
- SHA256
  
  32b60827026569821e8f671a1e180e2162584383ddbec8f979acc1a0141cfaaf
- SHA512
  
  b8d0c4b38d04e204a2dff740c5634e548d9082a1cb1ffb55d40d78bd704efbc1b919f146867381718acfd680f93676c35f1cb74e6374b706daaeb8947c0777c8
- SSDEEP
  
  48:qcsEJQdme4aTxI7hBDrm1ZI49KIiEItJlMtEwrLsqyrj/IaIonRuqS:vDwmenZI4IIcJitEyIqijRx
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4