xloader

General

Target

c0eb90010d882e33340c40bde08474cb_JaffaCakes118
Size

257KB
Sample

240404-ya8pvaha29
MD5

c0eb90010d882e33340c40bde08474cb
SHA1

f76f7e4eff72ed9d5669cef62ecda5b65d051c84
SHA256

014fdffc1561ee767b1189c5b496f587d16ba7d394ca9d26d2e7d6f8541ebc92
SHA512

19cc012358ad74980a8f1e18bcad3718a5fb36559d5bbfe220c534c271cd8f2701cce06416438796b9dbcb97769d4b3467e0e23a13c49bc60e597e0a6ad49e13
SSDEEP

6144:F8LxBsM33J1rFUe7alz20oWieTVzbNFhNFYwENyshjvsGEOdxn:/M3frFL7MFviQVxFhQJhLs3Oj

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mxnu

Decoy

insightmyhome.com

gabriellamaxey.com

029atk.xyz

marshconstructions.com

technichoffghosts.com

blue-ivy-boutique-au.com

1sunsetgroup.com

elfkuhnispb.store

caoliudh.club

verifiedpaypal.net

jellyice-tr.com

gatescres.com

bloomberq.online

crystaltopagent.net

uggs-line.com

ecommerceplatform.xyz

historyofcambridge.com

sattaking-gaziabad.xyz

digisor.com

beachpawsmobilegrooming.com

Targets

- Target
  
  c0eb90010d882e33340c40bde08474cb_JaffaCakes118
- Size
  
  257KB
- MD5
  
  c0eb90010d882e33340c40bde08474cb
- SHA1
  
  f76f7e4eff72ed9d5669cef62ecda5b65d051c84
- SHA256
  
  014fdffc1561ee767b1189c5b496f587d16ba7d394ca9d26d2e7d6f8541ebc92
- SHA512
  
  19cc012358ad74980a8f1e18bcad3718a5fb36559d5bbfe220c534c271cd8f2701cce06416438796b9dbcb97769d4b3467e0e23a13c49bc60e597e0a6ad49e13
- SSDEEP
  
  6144:F8LxBsM33J1rFUe7alz20oWieTVzbNFhNFYwENyshjvsGEOdxn:/M3frFL7MFviQVxFhQJhLs3Oj
Score

10^/10

xloader mxnu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/fgxbpquymg.dll
- Size
  
  27KB
- MD5
  
  0b97cba1e0824c22255acd7317ed649d
- SHA1
  
  5c015f2a900554ba0d2303f5da3ebbaa78f7940a
- SHA256
  
  1618a682392591c00a2ee82b7eb7f4f082ec34350ad30dbe619b57198688b1e8
- SHA512
  
  e14ff3d23a702ff88077155e4c3262abcb20ad4d63d95070ad27046284db1ecaa586cef4a8ab22d1dd7d0361966d24f418d039cc04a52309ab9314f7fa58f123
- SSDEEP
  
  768:1oFujLc9Rml6Y8fFbSNAkYaX7mpBfZC3/NcSPcM2:6kLUmlFKzasBBC3/NcnR
Score

10^/10

xloader mxnu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4