xloader

General

Target

10a0c979597a5ef1031499dad7ac2123791361dd24a1f2e20f42bb378a2ebe7aN.exe
Size

1008KB
Sample

241231-yv62raxjes
MD5

79f75d04c7db5ecb07bae08e762a4670
SHA1

fd81c94d3826c99423924c473738b0e549782661
SHA256

10a0c979597a5ef1031499dad7ac2123791361dd24a1f2e20f42bb378a2ebe7a
SHA512

7d71c2371f6a696424d8ab7413492c8431ad4262d82e4a62f4a9a4378815021c2f3d520de162f78182ef1a6022ad7a1cc892f0531b6e2a591f772271ffcc9cac
SSDEEP

24576:ocxWOmBGbzGUm5YejYHcZs+uyBT5MfUW0XRzqSknmw:ocxIGbF8XYHcZEyBT52NgzqFm

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gr3e

Decoy

laomaody.com

rewilding.land

airtrackdevices.com

absel.zone

aname.xyz

corruptslofnq.xyz

chaikuo.com

kitpanelas10.com

fullnatura.com

lightingway.net

zahidrasool.com

clubfohl.com

edn-by-fges.com

salsacoop.com

youniquegal.com

sedbud.net

theoutsourcedea.com

neema.xyz

aprendacoreldrawdozero.com

nxstpix.space

Targets

- Target
  
  10a0c979597a5ef1031499dad7ac2123791361dd24a1f2e20f42bb378a2ebe7aN.exe
- Size
  
  1008KB
- MD5
  
  79f75d04c7db5ecb07bae08e762a4670
- SHA1
  
  fd81c94d3826c99423924c473738b0e549782661
- SHA256
  
  10a0c979597a5ef1031499dad7ac2123791361dd24a1f2e20f42bb378a2ebe7a
- SHA512
  
  7d71c2371f6a696424d8ab7413492c8431ad4262d82e4a62f4a9a4378815021c2f3d520de162f78182ef1a6022ad7a1cc892f0531b6e2a591f772271ffcc9cac
- SSDEEP
  
  24576:ocxWOmBGbzGUm5YejYHcZs+uyBT5MfUW0XRzqSknmw:ocxIGbF8XYHcZEyBT52NgzqFm
Score

10^/10

xloader gr3e discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2