xloader

General

Target

efb464ece5f5aa332a60d241aa93a74f_JaffaCakes118
Size

660KB
Sample

240414-2v6b1aga38
MD5

efb464ece5f5aa332a60d241aa93a74f
SHA1

1b07ef42b7d91b71600f7512e6eb7248510b2330
SHA256

7384a61fc69ce24610f7c4658c2ef8786c4cdc5d6ad6b33d1a9f506d6b6388d3
SHA512

86c4b630151a648ed004e543996eba2d9a54dfb14de71b1f38f2e4fe4881c4e2a8b7e2c7f6c52876d8f3eb4406b0c12c349861e024de40568306b3505bd3ef82
SSDEEP

6144:h8LxB/WPFi3n+dwNOOGAmuDkM+fcA3RNNJzYTwXF0WmZfml7WcXg6tFI:vCNOUHkMgc8zN0Wmhs7kj

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ons6

Decoy

946acc.net

ilkermulla.com

edificationhub.com

aptbaby.com

luisrgonzalez.com

postandpine.com

objective-object.com

storeydrive.rentals

mobile-find.com

africanbridaluk.com

zzjn12.xyz

ritechoiceinvestmentgroup.com

zitzies.xyz

trulyproofreading.com

ktndetermine.xyz

advertising.land

keywordgomuwk.xyz

niecliomusicspirit.com

lhortelecom.com

cryptochieftan.com

Targets

- Target
  
  efb464ece5f5aa332a60d241aa93a74f_JaffaCakes118
- Size
  
  660KB
- MD5
  
  efb464ece5f5aa332a60d241aa93a74f
- SHA1
  
  1b07ef42b7d91b71600f7512e6eb7248510b2330
- SHA256
  
  7384a61fc69ce24610f7c4658c2ef8786c4cdc5d6ad6b33d1a9f506d6b6388d3
- SHA512
  
  86c4b630151a648ed004e543996eba2d9a54dfb14de71b1f38f2e4fe4881c4e2a8b7e2c7f6c52876d8f3eb4406b0c12c349861e024de40568306b3505bd3ef82
- SSDEEP
  
  6144:h8LxB/WPFi3n+dwNOOGAmuDkM+fcA3RNNJzYTwXF0WmZfml7WcXg6tFI:vCNOUHkMgc8zN0Wmhs7kj
Score

10^/10

xloader ons6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/rzvd.dll
- Size
  
  27KB
- MD5
  
  d255169c5e130e0104b01f2ceb04c885
- SHA1
  
  e9a0bf4c711f63829fb077b75b57a14b6bdda4bc
- SHA256
  
  66c07a5eb743d77deff8b16a8cbcc1be0795df5197874f23fd440fbf0cae38a8
- SHA512
  
  15f54c5f3de381c4b935886bd120d1e4ab609109015b6b49b842aa34b465467706ac79e0b8ad0961046e841e8e352df2a12b70653c960115e6ff92c4b282605e
- SSDEEP
  
  768:GoFuDrc9RGl9YRFbDkAkXa37bcM0qOuB1JzTMv:hErUGlYr0a8M0SdY
Score

10^/10

xloader ons6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4