xloader

General

Target

0501955db3e00941f9b9854cd8c98937cfdc131c8b2bdef8ea3972cfbc552139.zip
Size

634KB
Sample

250325-effrgatp15
MD5

c1f77989e03ba9139d24261e94981a88
SHA1

fb1eb3dd37def3f56c820633ecac246d7beaef38
SHA256

0501955db3e00941f9b9854cd8c98937cfdc131c8b2bdef8ea3972cfbc552139
SHA512

e271c54d23c2c8fc53f3110c551a44a54315c137ae3fa619d406448dfcf0d83055a3b68d843b24fc5866eef898b1f2ae7b5dca45aeb15a1c1ce8af4c4090d862
SSDEEP

12288:Q1w8uRnDADJ1l4IsOFt157LMRDwbLAcxoSJawT0L1L9+30k3x+rbHoLcVRDxTPwx:ZnDADJ1l3s60+LAcbawAL1DkBibIYDxW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

dn87

Decoy

yiyuge.club

sdzrwoe.icu

divifarsi.com

sunsal.net

animeziyan.com

onlinemastersdegree.site

medknizhka.info

lowlife.one

livingroomexercise.com

themantrini.com

starconverters.com

kyssclothing.com

sa18i.art

smartdaymall.com

ohyeahblog.net

losriosnosunen.com

joannamarshwriter.com

restlanekysseoffer.com

oonabody.com

azarksigningagent.com

Targets

- Target
  
  15a8b67526b6b563f7fd48850bc4d5fb10e504bb9b2b156c9ce1d82a8a7aaaa7.exe
- Size
  
  675KB
- MD5
  
  ba2ad8e5ad780bd8024ffadc7f2d76e9
- SHA1
  
  71dd5d11f101b56628bc7949a0e32ff0ead01af8
- SHA256
  
  15a8b67526b6b563f7fd48850bc4d5fb10e504bb9b2b156c9ce1d82a8a7aaaa7
- SHA512
  
  b283fdf4ce548412eeb920cd9d1fce43026857dec34a189853ef8f0a94b7c6495d96e974334d84b35bcc38dce7a1dd74aeeaafaba5e59644354d73edf870aacb
- SSDEEP
  
  12288:M+iri2d2mjMap3Bp1nQu4EonieFN2Mk+2vp51/wdzoGygQgJ+m4M4:qri8ukP1nQOonvwt7psygv
Score

10^/10

xloader dn87 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2