xloader

General

Target

fed78acfb8c8a52155a9ef89f41961cc_JaffaCakes118
Size

299KB
Sample

240421-j5fj8afc2t
MD5

fed78acfb8c8a52155a9ef89f41961cc
SHA1

43c4a81fd2bf2e3d9c1276f817db48b0bcfeeff1
SHA256

81150cd9fcc76bee00e9cff833fcef2596dffcf66a5398b4097e49da8d6ad8dc
SHA512

1b25d0490f797e351767762406cd6ac69aaee327857f4a4edfa9c7726c9f33523e0e0deaaa473fa0074fea98cccc2427b4b478359bffa6ad02c7de9a4283760c
SSDEEP

6144:4Uq7k2QUc9xpP9GyeoL3QmOM+1yyxfwfzJJBddAgy4nC5bP:DYQBP9Gd3m21ycfADddAB4nMP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

Decoy

yow.today

rkdreamcreations.com

etheriumtech.com

stretchwrench.com

kiddiecruise.com

stickforward.com

videocineproduccion.com

roofinginamerica.com

amarillasnuevomexico.com

armfieldmillerripley.com

macyburn.club

lvbaoshan.com

shopshelponline.com

thebunnybrands.com

newsxplor.com

momunani.com

rebelnqueen.com

tusguitarras.com

nexab2b.com

e3office.express

Targets

- Target
  
  scan-0001098.exe
- Size
  
  235KB
- MD5
  
  24147a6909f47667067a4598f50fdfc4
- SHA1
  
  29d9b920365fd2092e2d2f2ebac159882e80cb8c
- SHA256
  
  32ece49c018110f307142a5eff7d169e75731b059fbf81ac26f82aab4111b8c8
- SHA512
  
  e3ba24bd4fd68dee1ce7a17ece6a92e81ad3b0d9b272612562b5d5c1d101b8ce45c3193be4ffe38c808affab595a7e84eb704675efd7410b3d4513ade84494cd
- SSDEEP
  
  6144:Nb8EsldTMwKkBkdES/Qlhbkw7auRZKhnyN:NQEc+9kGXQbbkUP3N
Score

10^/10

xloader noi6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2