xloader

General

Target

98ffc3c812e6cec919ebd286973e2002_JaffaCakes118
Size

445KB
Sample

240402-2j7qpafh45
MD5

98ffc3c812e6cec919ebd286973e2002
SHA1

b0d1a65445a7923870ad23ec4d80f592e808c987
SHA256

014d0ece0d472eaea73698d634308303ddb9f227f39d339a66416c3cb744d2c1
SHA512

5875f8f2c736cbf501c25635f5c9014e499a7fce01f139315cbf5c0d3c45e1e8568a9fa8ddfe60cb0a44804a7677fdcd411eab4be6177926649b1b691d97a721
SSDEEP

6144:hBlL/NDevWMKIPT48zhmgL58KCjuLkTMm6GBX3KTDDC3cz/3aKkm3HC:n6B8KC4kTrV3KlziKkR

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

Targets

- Target
  
  98ffc3c812e6cec919ebd286973e2002_JaffaCakes118
- Size
  
  445KB
- MD5
  
  98ffc3c812e6cec919ebd286973e2002
- SHA1
  
  b0d1a65445a7923870ad23ec4d80f592e808c987
- SHA256
  
  014d0ece0d472eaea73698d634308303ddb9f227f39d339a66416c3cb744d2c1
- SHA512
  
  5875f8f2c736cbf501c25635f5c9014e499a7fce01f139315cbf5c0d3c45e1e8568a9fa8ddfe60cb0a44804a7677fdcd411eab4be6177926649b1b691d97a721
- SSDEEP
  
  6144:hBlL/NDevWMKIPT48zhmgL58KCjuLkTMm6GBX3KTDDC3cz/3aKkm3HC:n6B8KC4kTrV3KlziKkR
Score

10^/10

xloader b2c0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nawgsdqut.dll
- Size
  
  104KB
- MD5
  
  d4233fefc9328cc30b0ef014beb2f51b
- SHA1
  
  302180a5edb1fd653d7884bb60172e6edfbbeac4
- SHA256
  
  1827a3002964434b0acff1359241948e334148d3413312cfea326cae8f269758
- SHA512
  
  b3e19c83e631b6a8b8b0d00ab14af811519765b737f1497f27e8c3a8c3328038967dbb6095671e4095af48d6355b5f13cec20c38ef2dfb14cc2ae8e9482de4af
- SSDEEP
  
  1536:XlGfGAPqPOicsu0WpmS89PdDeSGTzIfTw83qVlIHyaaEil3Wkly9ncobUfs+ulZ6:1GfGAIOqXSKS13nKixlyrquv
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4