xloader

General

Target

df83a74d654a13dbbe99e13df00031e2ac70e741ed2765c5c5abb299c3dae89d.exe
Size

1008KB
Sample

241231-wvhytasmfy
MD5

062c34199a781027767c89c7a0570c66
SHA1

faf913de989dfbe50eebc5835c4cc622ab499679
SHA256

df83a74d654a13dbbe99e13df00031e2ac70e741ed2765c5c5abb299c3dae89d
SHA512

97e6e88796383fac56e09e11afdcfd802f799fca142abdc362baa9605217213fa43647856b911b7db2ac521b934bca74e76940b599a8a5907a3d42916e145716
SSDEEP

24576:ocxWOmBGbzGUm5YejYHcZs+uyBT5MfUW0XRzqSknmwH:ocxIGbF8XYHcZEyBT52NgzqFmg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gr3e

Decoy

laomaody.com

rewilding.land

airtrackdevices.com

absel.zone

aname.xyz

corruptslofnq.xyz

chaikuo.com

kitpanelas10.com

fullnatura.com

lightingway.net

zahidrasool.com

clubfohl.com

edn-by-fges.com

salsacoop.com

youniquegal.com

sedbud.net

theoutsourcedea.com

neema.xyz

aprendacoreldrawdozero.com

nxstpix.space

Targets

- Target
  
  df83a74d654a13dbbe99e13df00031e2ac70e741ed2765c5c5abb299c3dae89d.exe
- Size
  
  1008KB
- MD5
  
  062c34199a781027767c89c7a0570c66
- SHA1
  
  faf913de989dfbe50eebc5835c4cc622ab499679
- SHA256
  
  df83a74d654a13dbbe99e13df00031e2ac70e741ed2765c5c5abb299c3dae89d
- SHA512
  
  97e6e88796383fac56e09e11afdcfd802f799fca142abdc362baa9605217213fa43647856b911b7db2ac521b934bca74e76940b599a8a5907a3d42916e145716
- SSDEEP
  
  24576:ocxWOmBGbzGUm5YejYHcZs+uyBT5MfUW0XRzqSknmwH:ocxIGbF8XYHcZEyBT52NgzqFmg
Score

10^/10

xloader gr3e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2