xloader

General

Target

f62df66e02f1a6d000acd5bd02eba7c4_JaffaCakes118
Size

539KB
Sample

240417-ttgcgsgf5v
MD5

f62df66e02f1a6d000acd5bd02eba7c4
SHA1

20bb7c20bbff390a88da1e88942110459f3be3f3
SHA256

debc44004d1383a588955e4f11ee66089b302bf041d127470927206642ed35ad
SHA512

b17d0bbd97b91fc2c0fc0268d4a0a52570cb70515d1dae8fc697fb531a45b5dbd8c50711ebc05fe7cfb5d2bf81dbe4cc0e58e0603f55883eca42d586d845824d
SSDEEP

12288:Avp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX9xhobZfoNdb:FWfUdl1y6slERzzuFAn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m8uk

Decoy

corona-mid.com

diatomitetk.com

douyinlanv.info

shaloodeh-bana-ofogh.com

maggierosscats.com

homemadeearring.com

thanhnepgiay.net

orphanscode.net

betterchariot.com

sexforty.com

ceoclubnepal.com

messinacon.com

zaracollections.com

sportsonedeals.com

pooksapotheca.com

android-trust.com

thefilipinoairfryercookbook.com

winouwin.net

theurbanpreserve.com

rbmworld.com

Targets

- Target
  
  f62df66e02f1a6d000acd5bd02eba7c4_JaffaCakes118
- Size
  
  539KB
- MD5
  
  f62df66e02f1a6d000acd5bd02eba7c4
- SHA1
  
  20bb7c20bbff390a88da1e88942110459f3be3f3
- SHA256
  
  debc44004d1383a588955e4f11ee66089b302bf041d127470927206642ed35ad
- SHA512
  
  b17d0bbd97b91fc2c0fc0268d4a0a52570cb70515d1dae8fc697fb531a45b5dbd8c50711ebc05fe7cfb5d2bf81dbe4cc0e58e0603f55883eca42d586d845824d
- SSDEEP
  
  12288:Avp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX9xhobZfoNdb:FWfUdl1y6slERzzuFAn
Score

10^/10

xloader m8uk loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2