xloader

General

Target

3ab21f14be3e556342196f3520ec393b_JaffaCakes118
Size

215KB
Sample

240711-ztnpfstenq
MD5

3ab21f14be3e556342196f3520ec393b
SHA1

5dc658ab63c2a614ad2be1ffe4013797d0434379
SHA256

c5cbfde3efbf5f93df14eb9110e9d747a966f74278c9cbeab6f875607009459e
SHA512

23cd8b0283589463beb674b72c2ba513d6b090af7721d27f72faaf99cc4601390e8d2494ae3e795ac1e82ff099dfb2f9265415c7c7459865e7bb196a05be4964
SSDEEP

6144:oNdKgRbEIIyGZJEV173skMH2s6ZsQlJJPF9:adK2QQ3VMH2pZdb

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gzcj

Decoy

localzhops.com

cfsb114.com

sweetiefilms.com

cyclewatts.com

bubblesportsevent.com

halloween-r-us.com

rcdzsm.com

reelatioens.com

uniquegranitebenefits.com

chainlinkdex.com

topcoolhlist.com

ivy-apps.com

shopmajesticqueendom.com

ddiesels.com

ventajuguetessexuales.online

daylight93245.com

heiyingxitong.com

personalfashion.guru

usadrugfree.com

beyondcareersuccess.com

Targets

- Target
  
  PO-001021521.exe
- Size
  
  286KB
- MD5
  
  b906a265b5e3a8afb18f2d336319ca86
- SHA1
  
  1f7b2432b7425828ae800a67313d75e30e3076a2
- SHA256
  
  0a2e7c9ad53b5355f4f723912d07f9dae7d1e2d72ac62758cdc44196f124945e
- SHA512
  
  7b4095b9f72ebf2b5ed67de9e4d28b37ff9ecc2d9178bd8fa3894cdbb49f637582af74f58c7e03e00446c4c7f8fe435bc7e65a6fa27599bfc4291c2f2480aa30
- SSDEEP
  
  6144:AqjI6KE6IeyEZBEh/7fsCMH2qKZsQTZVPSt:NDKE6kxhaH2hZ/q
Score

10^/10

xloader gzcj loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  1gbwwte3logn.dll
- Size
  
  11KB
- MD5
  
  558a057a766736289b2da31eab04db53
- SHA1
  
  ab48d1f8acdae775a154566fe7152c04eb6a7d1b
- SHA256
  
  b4607d330754a557a009ce50c3ab252743b269fca2fa99500ec58570e393b699
- SHA512
  
  d582be64cd5edf6fe608a25cb8661c5e97502b2afe817d6b3c8f7144c8c1e078afb94ce826c4bbdc35ee72cc7702d4920e00da02021418465856cd460a81d79f
- SSDEEP
  
  192:y6c4E4WP2CoNuLlnZg8aMFfzVA8G63kI0hKLgpn+t3N:KbBnLle8aMFhtGiF07pK
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6