xloader

General

Target

24d8e6cc929bb74585c94204900ee353_JaffaCakes118
Size

428KB
Sample

240704-gks9gazcnb
MD5

24d8e6cc929bb74585c94204900ee353
SHA1

c2d4590e3eb34aad43f2138e35d27454ec5be632
SHA256

e0f6a62ae1dfbd451655ef46b2d3f3267edd04fab1b9683a7087cfb89d40545d
SHA512

86e3f877b1faedad9cfa21588adafb28f0e45d25c48119555f661afb12b36b669ee1ea9ea6f21ab2dc2ac87ab9c2ceabe8ff5d9ec996809f3f131708854cf0e1
SSDEEP

6144:oka69q64IsC3PTuBZQTjFrHdv/OGOWKr8si+fssX6AkrfZlqpg2n94VK9gXt:oT6lDsMysTjBHdBOt8bAMpkRg9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uidr

Decoy

dulichsongcham.com

cash-royal.com

geneseewildlifetrapping.com

9cc9x79m3y2.com

ntjjzx.com

joinglooko.com

upmchealhtrak.com

hookandcask.com

orca-web.com

ag3holdings.com

empoweredinvestmentstx.com

lustywall.com

rcpelaurentides.com

goyalcoorchidnirvanatwo.homes

iotajinn.com

littlemlive.com

hippocratesbio.com

ashleysema.design

175a45.xyz

bpocompaniesphilippines.com

Targets

- Target
  
  Quotation.exe
- Size
  
  576KB
- MD5
  
  e1ebd51a52544a2ca2b2f8ac9a47a31c
- SHA1
  
  78c4acc43fedb4bf54220c7382b9a45c768aca3e
- SHA256
  
  f079d07d554c8fb387b3b5d040adb87504417def132f6e04578ecc0afd01eae6
- SHA512
  
  9bd32196620058a335ade12b0af4b94cddd37d2ed88004f1191e4f4fd7b805d6ebdad906c092c6d3d6e4859fa6ebd1902c0e9e15a29eeda7da1f1593797d7486
- SSDEEP
  
  12288:EzeaAF5gj58O4iwrhCB+jl9y1v2riq09qNZQNKF2AUjg7dA:E4gWO4vCBUg2rn091tA0gBA
Score

10^/10

xloader uidr loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2