xloader

General

Target

f5496358b80bd0a6a027ef71c50babd2_JaffaCakes118
Size

1.0MB
Sample

240417-jd2clsgh76
MD5

f5496358b80bd0a6a027ef71c50babd2
SHA1

576d34b2d11eb03ca3cab8b225a205143047bf8d
SHA256

38ddffbd4400361632904e174fd92126ec7bdac25111851e0439dcddda7f132f
SHA512

c60f138e173f3ce40a6020491bee98429aa8da0d13cafac6153312047816be160a48ec9e309698cc6a369f84bb4a3e6e2468b80d7daf1bd16bda5a1fcb74ccec
SSDEEP

24576:QUPvu9ZO5/d3NaK64fKsE5XyyjKR4nIiypS:QUPvyaaK64A5iyeR4I

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

dfa8

Decoy

rocketgoldcorp.com

bdsportslive.com

szldbxg.com

teavelersjournal.com

nilmiro.com

empporiocar.com

xishuophp.net

multigremiosmadrid.com

tucsonlot.com

fitnessketo.com

ourhomeimprovements.com

fletcher-windows.com

shab834.com

neggouyadla.com

helps-support.net

waterst.one

schoolforshapers.com

shubhshaktinidhi.com

vintatts.com

ykmmailer18.com

Targets

- Target
  
  f5496358b80bd0a6a027ef71c50babd2_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  f5496358b80bd0a6a027ef71c50babd2
- SHA1
  
  576d34b2d11eb03ca3cab8b225a205143047bf8d
- SHA256
  
  38ddffbd4400361632904e174fd92126ec7bdac25111851e0439dcddda7f132f
- SHA512
  
  c60f138e173f3ce40a6020491bee98429aa8da0d13cafac6153312047816be160a48ec9e309698cc6a369f84bb4a3e6e2468b80d7daf1bd16bda5a1fcb74ccec
- SSDEEP
  
  24576:QUPvu9ZO5/d3NaK64fKsE5XyyjKR4nIiypS:QUPvyaaK64A5iyeR4I
Score

10^/10

xloader dfa8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2