xloader

General

Target

b50f2ee58a34c1e367450e1e2bc107bf_JaffaCakes118
Size

247KB
Sample

240404-lqjz7sbf51
MD5

b50f2ee58a34c1e367450e1e2bc107bf
SHA1

9a5bc255948f7b16eb3d109808d8d1bafd1f6070
SHA256

12fa6c4f9dc345eca587fe606caf9a5eccfcdc5456b2617ec17b1b1f1e06d24a
SHA512

fc3aed1caf7cdc271bfca44c8a7bcb254c7331f882c2a5903be7e9921ce71563dcfe305ed0f24838707f30909fa5cbb60854a187e46dc308bbb2c206a71148bb
SSDEEP

6144:wBlL/cO5N8NT5W5DK4ZJzUhzmAsSQ75tRb3Mmuw7mc2tRsjyaEWj0kC:CeOIrqDK4ZZUz8SQfRbPJmc2TWIN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u9xn

Decoy

lifeguardingcoursenearme.com

bolsaspapelcdmx.com

parsleypkllqu.xyz

68134.online

shopthatlookboutique.com

canlibahisportal.com

oligopoly.city

srchwithus.online

151motors.com

17yue.info

auntmarysnj.com

hanansalman.com

heyunshangcheng.info

doorslamersplus.com

sfcn-dng.com

highvizpeople.com

seoexpertinbangladesh.com

christinegagnonjewellery.com

artifactorie.biz

mre3.net

Targets

- Target
  
  b50f2ee58a34c1e367450e1e2bc107bf_JaffaCakes118
- Size
  
  247KB
- MD5
  
  b50f2ee58a34c1e367450e1e2bc107bf
- SHA1
  
  9a5bc255948f7b16eb3d109808d8d1bafd1f6070
- SHA256
  
  12fa6c4f9dc345eca587fe606caf9a5eccfcdc5456b2617ec17b1b1f1e06d24a
- SHA512
  
  fc3aed1caf7cdc271bfca44c8a7bcb254c7331f882c2a5903be7e9921ce71563dcfe305ed0f24838707f30909fa5cbb60854a187e46dc308bbb2c206a71148bb
- SSDEEP
  
  6144:wBlL/cO5N8NT5W5DK4ZJzUhzmAsSQ75tRb3Mmuw7mc2tRsjyaEWj0kC:CeOIrqDK4ZZUz8SQfRbPJmc2TWIN
Score

10^/10

xloader u9xn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/gibh.dll
- Size
  
  27KB
- MD5
  
  6a6e5ce1da420ef522bed80375260881
- SHA1
  
  acc4a1f85c397d6b93ba69f43182cbaf8d9cd768
- SHA256
  
  829d331503e630301cb7e037a7e451e5e697db9573ee5ea5e2e2e2e5d195e6b1
- SHA512
  
  1f1bdab25301ac57cd5d796557625a6a812900f01c44bf391fa1052f5fecf05b8c8edcb80b44ab1a7e4a74943aa722fc801b28e1212e6858c4d8b7b8d64f7102
- SSDEEP
  
  768:rCSGFyjZQMA7VpLHqQC8Wna8x8/hBSwXo:ri7jHqQ6l85BdXo
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4