xloader

General

Target

ef8a8ee5715950972a071606db42faf7_JaffaCakes118
Size

1.1MB
Sample

240414-z8zehagg2s
MD5

ef8a8ee5715950972a071606db42faf7
SHA1

0377d2e9eb57b8896694208c093d229b7819adda
SHA256

fc0e2a9e079a5b4e655a9df1c5ffff7d9a75253b67e19de4f6493cac7f1cc8de
SHA512

cc6a21a532becec572d9a667aad3fa223a8298c6f47581ef448c69af2920db6d9fae260844271a681f00469f196488a799943818a6821c4ec9b0e3e4a2c58170
SSDEEP

12288:X8Dc9F3nC0Py3gAhowPAA8gdBaY1Tn43UXW05r7SATsr2f6E4zcI+j4hwIP5USnf:XYPAAKYVRt7Hft4zcf4ge3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m6t2

Decoy

online-profile-verify.com

moderngypsydesignlabs.com

aptecnologiagricola.com

caprevenue.com

arcadems.com

feedbackresearchinstitute.net

shivbodhi.com

mesaglobalindustries.com

trumphonduras.com

ifwebecomeportland.info

toluar.com

thegreatoutdoor.store

tipp24.online

penyaluranpuk08.net

sheliaddesigns.com

robpaulmessage17.com

santacruzlist.com

reiki4me.com

856380512.xyz

systemsreform.com

Targets

- Target
  
  ef8a8ee5715950972a071606db42faf7_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  ef8a8ee5715950972a071606db42faf7
- SHA1
  
  0377d2e9eb57b8896694208c093d229b7819adda
- SHA256
  
  fc0e2a9e079a5b4e655a9df1c5ffff7d9a75253b67e19de4f6493cac7f1cc8de
- SHA512
  
  cc6a21a532becec572d9a667aad3fa223a8298c6f47581ef448c69af2920db6d9fae260844271a681f00469f196488a799943818a6821c4ec9b0e3e4a2c58170
- SSDEEP
  
  12288:X8Dc9F3nC0Py3gAhowPAA8gdBaY1Tn43UXW05r7SATsr2f6E4zcI+j4hwIP5USnf:XYPAAKYVRt7Hft4zcf4ge3
Score

10^/10

xloader m6t2 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2