xloader

General

Target

98d2d5ac3bd493d77f0a7300a43d045b_JaffaCakes118
Size

450KB
Sample

240402-2d36baff76
MD5

98d2d5ac3bd493d77f0a7300a43d045b
SHA1

7fdd3b9b76f2c40df10def7ec3aa25c4fb192ec7
SHA256

1bbc8a34b7590c1593c5a79a8d0f93b17a162f44893c37aa11e4cb9e0e2d96bf
SHA512

32b7aa0518d6b41864d0f6f90d397cd377244b8f6af07178252aeb5b7ecf57e347c2aa2a3a4d94327d799bfcf8fe87b5c8164b0102c64258fd55a4c024ad0ef3
SSDEEP

12288:g4fXqKkoo4mdIaFOyzsfUvCqqTb+3e3DcGv2:9PbkoodWaEXU6P/2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

Targets

- Target
  
  98d2d5ac3bd493d77f0a7300a43d045b_JaffaCakes118
- Size
  
  450KB
- MD5
  
  98d2d5ac3bd493d77f0a7300a43d045b
- SHA1
  
  7fdd3b9b76f2c40df10def7ec3aa25c4fb192ec7
- SHA256
  
  1bbc8a34b7590c1593c5a79a8d0f93b17a162f44893c37aa11e4cb9e0e2d96bf
- SHA512
  
  32b7aa0518d6b41864d0f6f90d397cd377244b8f6af07178252aeb5b7ecf57e347c2aa2a3a4d94327d799bfcf8fe87b5c8164b0102c64258fd55a4c024ad0ef3
- SSDEEP
  
  12288:g4fXqKkoo4mdIaFOyzsfUvCqqTb+3e3DcGv2:9PbkoodWaEXU6P/2
Score

10^/10

xloader b2c0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/gyalquzbu.dll
- Size
  
  33KB
- MD5
  
  a8caa6d267951ad22e835233b5e50c46
- SHA1
  
  45c722c5958d99727a95d30eaa3032203d1f4ab2
- SHA256
  
  db7b70b0734285b8d9a1f3617e55603b0cb649d9bf0b7fbf8988c44e684f4e76
- SHA512
  
  9ee74bf576554210f8923dda8aa28f6dc7f3c5aa52da7b48a94beaf56cb4e27f1c3d0387cc9116e467631bc13c0e743341129bffa84b9db16ace1248a53b4cd7
- SSDEEP
  
  384:8o2En0QXbRRe9fsWZAmSlmMNAC8Qqgqdq9RHvHZXktPaa+LiJtLydc8f1eWU9Rkj:L2zf9HPaa+2tLKJcMaTxOMFs0o
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4