xloader

General

Target

7590ec9ca035b8a8789db1a5bf89f721179132fcbca4f97b7ebb9738d8e40ecb.zip
Size

496KB
Sample

250326-mgpprs1zb1
MD5

8ee1af5fc3b9f6df356bc832d501cc6e
SHA1

be4573254944de3cdcc149fad4864e154fc06002
SHA256

7590ec9ca035b8a8789db1a5bf89f721179132fcbca4f97b7ebb9738d8e40ecb
SHA512

85d831f72ae8382bc41e1e5cf12e3ab9333326f441fade9e8905856f35058e026f86c6fca3aa41b890e12c749a1ef0df20a8360c39b474346f172e7ce6aaf8ed
SSDEEP

12288:+BcMyMd1FGqDbbiyiy7sSbt6zoOgFOpsBVThV:ogM/bbihy7ThMYuSjV

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

dn87

Decoy

yiyuge.club

sdzrwoe.icu

divifarsi.com

sunsal.net

animeziyan.com

onlinemastersdegree.site

medknizhka.info

lowlife.one

livingroomexercise.com

themantrini.com

starconverters.com

kyssclothing.com

sa18i.art

smartdaymall.com

ohyeahblog.net

losriosnosunen.com

joannamarshwriter.com

restlanekysseoffer.com

oonabody.com

azarksigningagent.com

Targets

- Target
  
  f413624c125a8e6e6e8f4ece883a646fe784bc5a8f4f21185da1df43adc76da1.exe
- Size
  
  890KB
- MD5
  
  ce9456b4b5deccd2f6d9465482326a4a
- SHA1
  
  c8e3393bdda11aab1ede3b0f73390891fb4cd379
- SHA256
  
  f413624c125a8e6e6e8f4ece883a646fe784bc5a8f4f21185da1df43adc76da1
- SHA512
  
  a4dfd7edac6afde39b942dd18ebb80f0b91be948bffc73a07ad61668d4e83b9e622b498560a5a296cac21e1ddd6a39da5b1006ce4dfd04008062ffcad9142b6b
- SSDEEP
  
  12288:+VKdZyObtOG0OHttZpOohFSsymCpiuyWKNpaj31N7r+9o6YfBBqN8LX:+VMHwG0ON514iuyWEpaj+nYpg
Score

10^/10

xloader dn87 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2