xloader

General

Target

f8ba5db8bad75222081bc6b9297126a4_JaffaCakes118
Size

603KB
Sample

240418-zqyp9aef64
MD5

f8ba5db8bad75222081bc6b9297126a4
SHA1

290a186a9869a6f3ded1049b1d567eafe0041f5d
SHA256

b4fc77c70794670f21a4c4fbc3b608589cef7b9d98acadf9b0a956404f6ca0be
SHA512

70f90c213dfd898c3f9e91bb6855493ab894604f04ced9b910c3f37eb1bbe658b6944cc847e315d7fe9d793bf1dba8772c38ef12fbf3cf41c52fcde3adca26d5
SSDEEP

12288:HOqZR8TTLtQ1AUjTivh0FuKSpWmREeYubvKRn:FR8TTCKUjY0FuKSplFUn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

Targets

- Target
  
  f8ba5db8bad75222081bc6b9297126a4_JaffaCakes118
- Size
  
  603KB
- MD5
  
  f8ba5db8bad75222081bc6b9297126a4
- SHA1
  
  290a186a9869a6f3ded1049b1d567eafe0041f5d
- SHA256
  
  b4fc77c70794670f21a4c4fbc3b608589cef7b9d98acadf9b0a956404f6ca0be
- SHA512
  
  70f90c213dfd898c3f9e91bb6855493ab894604f04ced9b910c3f37eb1bbe658b6944cc847e315d7fe9d793bf1dba8772c38ef12fbf3cf41c52fcde3adca26d5
- SSDEEP
  
  12288:HOqZR8TTLtQ1AUjTivh0FuKSpWmREeYubvKRn:FR8TTCKUjY0FuKSplFUn
Score

10^/10

xloader b2c0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/fqbakxndgg.dll
- Size
  
  27KB
- MD5
  
  0ec0b6676a0c830fa1d12a82e0e2ccfc
- SHA1
  
  61edae0d4bb19dd31b9ed2ed4d76c99b4f04ebe2
- SHA256
  
  c168119aced865f94f0856f3d7419f33142ffe0e8f90c94205d5707b60710617
- SHA512
  
  ea5496d61a19ac03a49788d5cc7ae18603ec728c153b9c580f6faa7cfc850c297f9978429627e765467d8130409ca25ce041f0f42065d14fe53c6ef69943e574
- SSDEEP
  
  768:OoFu+rc9RGl6YgSs30bktAkra37Wd1+rNHBYD3rHDoMgM3:JhrUGlLAqwaM1C6D3rSA
Score

10^/10

xloader b2c0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4