xloader

General

Target

cfdc9cc4f1f491f68af1bec62154927ae5825ad9ffba8fc239341ab0a3f263c0.zip
Size

280KB
Sample

250327-kveqls1rw6
MD5

b72d3c5bbfc82334842011b6dce41b49
SHA1

e9850c15c04e4e771613f1205c9a524978e9ef9f
SHA256

cfdc9cc4f1f491f68af1bec62154927ae5825ad9ffba8fc239341ab0a3f263c0
SHA512

56886923f9671d91e1610886fe1351cd82fb21c760f4302dcd844d14df094355fcab62139355eb92accaad0cdb02c554d758534ebceefc2e4e50614ba6ca4fdb
SSDEEP

6144:fBs8OHPjz/JFyB5kgezaBWkc8RRZUSv5xyPoZ9aA8kiAy7GEi6W:fBuPPJFyB5kkc6ZUSvPSY8kyw6W

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.2

Campaign

utau

Decoy

frenchtogether.info

thefriendsofmaryc.com

meridianconversation.com

pleasingpleasure.com

relliant-rehab.com

meunegocioonlineoficial.com

jutuiess.site

sorelshopitalia.com

minnesotaunited.club

meditationmateau.com

wisheskennel.com

nothingbeatsagreatstory.com

equityinengineering.com

designantageuk.com

towstate.com

floridapremierestates.com

qianwanshang.com

mamentos.info

coraltechnologygroup.com

guoyijidian.com

Targets

- Target
  
  Order Specification Requirement With Ref. AMABINIF38535.exe
- Size
  
  558KB
- MD5
  
  ec44d0c4ec44347f9f8ee63b4bec5210
- SHA1
  
  362eda0fa5bd2cd4f50d0f7e9cf0cc641a08b163
- SHA256
  
  ed6182df3469dfdc4084aea0aca3714a90498401d608c7a0ab818329c42ab21f
- SHA512
  
  ee7e79980421b97fccdbe453c5daa98798fc82e8951c3d6aee49a939a1721e2c885ad22c69721488644f277e719d60d2fd1a8f595ceb370d29d899bbca7e1338
- SSDEEP
  
  6144:AO6oVJ59N2c3FEyohRbTnIkwcDku8dQDKfcQqUwSLjiXTkgQ:ASJ59r3F0bTnlwcDkuzMcfSLYTTQ
Score

10^/10

xloader utau discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2