xloader

General

Target

b8278e92923b15789354b41cc89b638f_JaffaCakes118
Size

249KB
Sample

240404-pgzwvaeh31
MD5

b8278e92923b15789354b41cc89b638f
SHA1

9e4dc8a87d8ca82c8220ff05abed303e899b3822
SHA256

0bb2dadcdeaff57f676d59b05cf9a787669403dceabe43fd008995b2a0a8b9dd
SHA512

6c948ef9eb3781aca24ab411d4bba93fff5ec052baa622b9fcb026edd3ead6098b5e371381cc398c91fae92ae9ac308450e08515a47d3b2b2ded682c51715418
SSDEEP

6144:wBlL/ctqWfthdLZMNnOasGazR/Ejfk7gfPDZJElCI/hNEt1A:CetqWfdV+LDaF8DgWDZUCI/EzA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

noha

Decoy

iphone13promax.support

trailer-racks.xyz

overseaspoolservice.com

r2d2u.com

dawajeju.com

nextgenproxyvote.com

xn--vhqp8mm8dbtz.group

commonsenserisk.com

cmcqgxtyd.com

data2form.com

bois-applique.com

originallollipop.com

lj0008lj.net

spfldvaccineday.info

phalcosnusa.com

llcmastermachine.com

onlyforu14.rest

bestmarketingautomations.com

officialswitchmusic.com

thepretenseofjustice.com

Targets

- Target
  
  b8278e92923b15789354b41cc89b638f_JaffaCakes118
- Size
  
  249KB
- MD5
  
  b8278e92923b15789354b41cc89b638f
- SHA1
  
  9e4dc8a87d8ca82c8220ff05abed303e899b3822
- SHA256
  
  0bb2dadcdeaff57f676d59b05cf9a787669403dceabe43fd008995b2a0a8b9dd
- SHA512
  
  6c948ef9eb3781aca24ab411d4bba93fff5ec052baa622b9fcb026edd3ead6098b5e371381cc398c91fae92ae9ac308450e08515a47d3b2b2ded682c51715418
- SSDEEP
  
  6144:wBlL/ctqWfthdLZMNnOasGazR/Ejfk7gfPDZJElCI/hNEt1A:CetqWfdV+LDaF8DgWDZUCI/EzA
Score

10^/10

xloader noha loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ukjqjohi.dll
- Size
  
  28KB
- MD5
  
  4a461edac312daf734fc0b0a1e7d1169
- SHA1
  
  bf3f1e23bf93340481bf8abf4338db4d4a22df27
- SHA256
  
  47d6f407abc8d7fe10076e0ef6dbf7f2d843e2e481a280ec79d58f1edf06574b
- SHA512
  
  3544e5fe8c2de40ca5c1f494c0b3bf7996aeefde05edc1041eed5592f3d07aa5e2741bfd253bb875c4440e673fdc0c3b574d98287b696ef5b2b40c45d64f24f1
- SSDEEP
  
  768:ol7pb0KAbav/xDCKHj13xDv//6bbtxD7:6OL2xvXMTD7
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4