xloader

General

Target

0b0d8df4742469c74d327bdae0f3490f_JaffaCakes118
Size

922KB
Sample

240624-2ps5gswcqd
MD5

0b0d8df4742469c74d327bdae0f3490f
SHA1

808e2879bddd5ba17b5397a25281820edceae745
SHA256

6acad13221b8e15e7d5bcd3f3705c8da7751550bc6e6bf42fc23d17d0eda1a50
SHA512

b55198c32af5fd16d06fe024eb896df1d79d7d0edacc49834a5c0afb0c344434b3d9666acc4215d40bfe6f71bf85bee434e6f3deda7c9d67a1a69b3a05ed4305
SSDEEP

3072:BBkfJpRXATwMdFCct+bYGTHbzgxXCXBMz8sfUKVIbzqMmLNer0ABJEREhwBCkXx1:BqjIQYGzghO3Ol68LMJQLHhTbt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

9bwn

Decoy

italiancoastal.com

shareandfit.com

ibexacademia.com

guejek.com

vitalbizdev.com

connemaracomputers.com

surf-livre.com

styleforwoman.com

costcopaysecure.com

kingdomandqueendom.com

www-societegenerale.com

radiokerbfm.com

marylandstars.net

thechampionsday.com

beertenderb95.com

iybbshop.com

maglex.info

vh3g.asia

zaairobot.online

ryderhydros.com

Targets

- Target
  
  Consignment Document PL&BL Draft.exe
- Size
  
  330KB
- MD5
  
  0b1f9847d93445c91cdfe0c2dd6785c7
- SHA1
  
  198b30e2b098300ec51e2e7029ababff142a5e09
- SHA256
  
  e92125c96b4bee95fd7b70d867271510071f812699733de75dd5e64636030314
- SHA512
  
  1adaa0879bd697ba972fabe8c5407bbf8bf16ea6b55cfbdffd42128174d9f1d8ebe1444a927d0b2ae376563d927467599dfe4e254b096e0f55a5b810ff46fcc1
- SSDEEP
  
  3072:NBkfJpRXATwMdFCct+bYGTHbzgxXCXBMz8sfUKVIbzqMmLNer0ABJEREhwBCkXx1:NqjIQYGzghO3Ol68LMJQLHhTbt
Score

10^/10

xloader 9bwn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  yrcvb.dll
- Size
  
  11KB
- MD5
  
  8d80a618809cc8ce5970b0839f0e2b5a
- SHA1
  
  34af09ca5aa646debe4d2bd06fd5b3c3b7a43b09
- SHA256
  
  f4163107f632e0b431c38652eb297733f4f01d37576100673a47370da9221159
- SHA512
  
  21bfab7002044c7b33d99de355b49357ae5c45c8781ae080a906c091621ab55e39444e3ecfe04345022ab214dd50f38df0387a3386e0442312cc614bc8b397bf
- SSDEEP
  
  192:s6/In3h0bUe1nJBmKESoXIIbzuStOiKazVWGUwkcU:s6ax0B1nJBbxojuStORazsV
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6