xloader

General

Target

1d23db5f1e76764a774677d809ee7fb0_JaffaCakes118
Size

249KB
Sample

240329-j6lsmada5w
MD5

1d23db5f1e76764a774677d809ee7fb0
SHA1

fd085837d82bd4fb5970880d8d8a7bf647288298
SHA256

06a96d390ef022721da30abba6d35467fbbd35f09f32e23825a83fc3928292a7
SHA512

ac416d2c573a63a33543a1893c4e2c373ed72165f58ba96efd4fecfb146be70e944cd733b9e74b0e1190d01836ffea3dced0a7137b799a52af6f989c091cf8ed
SSDEEP

6144:wBlL/cOLlLOoSYI4prro68IQsgkYVin1MiKe++RkcvchH/egi:CeejSYI4s1Cn1UNQpEdji

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u9xn

Decoy

lifeguardingcoursenearme.com

bolsaspapelcdmx.com

parsleypkllqu.xyz

68134.online

shopthatlookboutique.com

canlibahisportal.com

oligopoly.city

srchwithus.online

151motors.com

17yue.info

auntmarysnj.com

hanansalman.com

heyunshangcheng.info

doorslamersplus.com

sfcn-dng.com

highvizpeople.com

seoexpertinbangladesh.com

christinegagnonjewellery.com

artifactorie.biz

mre3.net

Targets

- Target
  
  1d23db5f1e76764a774677d809ee7fb0_JaffaCakes118
- Size
  
  249KB
- MD5
  
  1d23db5f1e76764a774677d809ee7fb0
- SHA1
  
  fd085837d82bd4fb5970880d8d8a7bf647288298
- SHA256
  
  06a96d390ef022721da30abba6d35467fbbd35f09f32e23825a83fc3928292a7
- SHA512
  
  ac416d2c573a63a33543a1893c4e2c373ed72165f58ba96efd4fecfb146be70e944cd733b9e74b0e1190d01836ffea3dced0a7137b799a52af6f989c091cf8ed
- SSDEEP
  
  6144:wBlL/cOLlLOoSYI4prro68IQsgkYVin1MiKe++RkcvchH/egi:CeejSYI4s1Cn1UNQpEdji
Score

10^/10

xloader u9xn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/cktnw.dll
- Size
  
  33KB
- MD5
  
  c14be851c02ced07aa473797b77af63e
- SHA1
  
  72384ab063295b0b31fcfbe1fe4a08aa19c10b8b
- SHA256
  
  40f8b44bd12a715c7ca5095a014babd72c7340a85f1c23a82d2ab63ee8f7c524
- SHA512
  
  98722f06e00f9e2a1d47fafed1738413beb61e4b39c39884aa273d0fa25c61aaa0192a25ff77aaae383c4607c3fb8ef10b2ae2d6a0af8efac404623953b17834
- SSDEEP
  
  768:V2Jr7mkC9WcImurJ/rg+7tRbnEYxi8nBbkO8:ox7mkC9WcImurJzgQ9nEF8nBw9
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4