xloader

General

Target

9b3c7e859707d5c2c204e749be93019538077ee15bfefe988c06af42741af90d.zip
Size

463KB
Sample

250326-zpc26avnx4
MD5

ae1d60280f147577a926fd94f155e34c
SHA1

46f209a70404b3f423584f4dc0cd63fff6c050ed
SHA256

9b3c7e859707d5c2c204e749be93019538077ee15bfefe988c06af42741af90d
SHA512

db0f913b8c74409563aa27b6c854500d0a6019734789684c5537aaa134c2200327583690d6b1431fd9003dcc6d2010fb74af9ba9a4525e2ca5f9e651236810a6
SSDEEP

12288:475mKGPD5m1Py5X2SZVFllTRBiifwkpCFk/LEigxGRQc:4sFmEMSZVTQhFkzEhox

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

nwrr

Decoy

mentalsafariwithmari.com

emveenterprise.com

antivirus-zastita.com

aonetiger.com

alfexx2.website

overstockalpine.com

navigateoffroad.com

upscaleboxes.com

sailboatvn.com

poemoca.com

saildeskservices.com

recoveryrhode.coach

dmgbreastcare.com

objectuu.com

lynxatifs.com

brevetti-ai.com

salamtak.life

theharmesteam.com

hopeharboracademy.com

foodandfitnesschannel.com

Targets

- Target
  
  53425ac47307e7d6e98deae06742bfebdade503bf6e48766a84ea52a3045f3a8.exe
- Size
  
  839KB
- MD5
  
  f5ffaae6be1c826e53cbd033f83d5c8e
- SHA1
  
  6bfd67c6bca69df6ed4f0d20842ab4ebdfafcde4
- SHA256
  
  53425ac47307e7d6e98deae06742bfebdade503bf6e48766a84ea52a3045f3a8
- SHA512
  
  afc22067d485940f4699076389e3329b5823ebc96d88224cecab2f343a6a113586a8e7eb8f69134c3fe5277660d6297d5e0673e2972734b085d61bb2fd22ffd1
- SSDEEP
  
  12288:xbkNnMdUO4rvcMZKwangiFPWY/mnM44ZVA0hj+22etupDboQcNdhVACRYeK8LX:m6j4rvrKwang6WCxVA0dOGMDvcNdMX
Score

10^/10

xloader nwrr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2