xloader

General

Target

b1e98b432deb419643d81c167fe0dc37_JaffaCakes118
Size

253KB
Sample

240404-gxledsha86
MD5

b1e98b432deb419643d81c167fe0dc37
SHA1

305c82fcc0699859e9fe11cc08f8678e23779a3e
SHA256

da0e2504009a426b799d9135979188e2c4533f69c2e981650afc51d5e8e320c2
SHA512

440e0429a4bb817b7ca9bb91f722b6678a6e443a0239a1a859e0de9d8d76f78a4a3c47b2a89b0340f97a9015d852b070788ae1fcc7e0b819115b45c702d661ed
SSDEEP

6144:wBlL/c7DTS77ZWSwgwNbXX3VQ+Zw3JlKKjzUh30RfGK54ydrBv:Ce76hw1NXXFx+KzERtdrh

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mxnu

Decoy

insightmyhome.com

gabriellamaxey.com

029atk.xyz

marshconstructions.com

technichoffghosts.com

blue-ivy-boutique-au.com

1sunsetgroup.com

elfkuhnispb.store

caoliudh.club

verifiedpaypal.net

jellyice-tr.com

gatescres.com

bloomberq.online

crystaltopagent.net

uggs-line.com

ecommerceplatform.xyz

historyofcambridge.com

sattaking-gaziabad.xyz

digisor.com

beachpawsmobilegrooming.com

Targets

- Target
  
  b1e98b432deb419643d81c167fe0dc37_JaffaCakes118
- Size
  
  253KB
- MD5
  
  b1e98b432deb419643d81c167fe0dc37
- SHA1
  
  305c82fcc0699859e9fe11cc08f8678e23779a3e
- SHA256
  
  da0e2504009a426b799d9135979188e2c4533f69c2e981650afc51d5e8e320c2
- SHA512
  
  440e0429a4bb817b7ca9bb91f722b6678a6e443a0239a1a859e0de9d8d76f78a4a3c47b2a89b0340f97a9015d852b070788ae1fcc7e0b819115b45c702d661ed
- SSDEEP
  
  6144:wBlL/c7DTS77ZWSwgwNbXX3VQ+Zw3JlKKjzUh30RfGK54ydrBv:Ce76hw1NXXFx+KzERtdrh
Score

10^/10

xloader mxnu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/evpz.dll
- Size
  
  32KB
- MD5
  
  c820bfe346d35f1ed0d3017cadb8f16d
- SHA1
  
  a98131691df2b4445124304307130888050fe410
- SHA256
  
  439e5f590b4bea13a9bfb7c94bbd8fa99f45a310dc44c241db2375b4e8923cb3
- SHA512
  
  7d89e8677b46c3456559a0061f992be6169c63ec6a2a2eb7ec73ff36fe1fc28cbdbf3436c74fe528572b14f6865ec0f03e5480782243674ffc4423a00cefc66f
- SSDEEP
  
  384:uIbr7TBKwNuNjiVMauKBO1AhvxF756rLAK5GNrPAg9K8OtwBpYxjETl7:uIZfYNjCy1kxFsr5GNr195OccETp
Score

10^/10

xloader mxnu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4