xloader

General

Target

3e0cf80ff6b94ff711170a208796a3e1_JaffaCakes118
Size

224KB
Sample

240712-tldxdstalc
MD5

3e0cf80ff6b94ff711170a208796a3e1
SHA1

2e271640cb07be65a0804e95e5c915c6156bdea5
SHA256

f51f3c1fb71a3301e0716e9025bc063e8f1aeb7c3b1bb5570f9e159f86eb67be
SHA512

0735ae53edace8b69f1ae16524bfe875b9536e9f44e603fe5158a8f5f221a2ee66767645f3a33d165d9b528a404fa7421e4f8bfaa67f79da9a97f4ad8bf38c0c
SSDEEP

3072:8jAs3HPxNZvUOGr178ueCl6H7jr0rdGXYyPX6n8H8k3sp4Qxg+VS2till3oUkt0g:80cnRe11ea83DXlPq8ck8ev+seioHP5

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gzcj

Decoy

localzhops.com

cfsb114.com

sweetiefilms.com

cyclewatts.com

bubblesportsevent.com

halloween-r-us.com

rcdzsm.com

reelatioens.com

uniquegranitebenefits.com

chainlinkdex.com

topcoolhlist.com

ivy-apps.com

shopmajesticqueendom.com

ddiesels.com

ventajuguetessexuales.online

daylight93245.com

heiyingxitong.com

personalfashion.guru

usadrugfree.com

beyondcareersuccess.com

Targets

- Target
  
  ScanDoc_pdf.exe
- Size
  
  296KB
- MD5
  
  de0a385641f08128deab9ec88a298d28
- SHA1
  
  5f51c8ce26b59ebed00f23ccc4fe696272a0bf07
- SHA256
  
  b1999a87350ef2b15e663c809ac16f2f0832ba3dcd868aefe0d36392af04da29
- SHA512
  
  8d93ba4cb7c68426b4441f2950128646fb136285ef6863f0d0c2e08c368c1174d467937a423946e95b1f5fec6213cf6127c666c143c6d5d77d932e64dd1958b2
- SSDEEP
  
  6144:Wx/MriVFI8E0P9Qsa8vJXlPqC8A8e1+uaisJPM:qFo8E0lE8h1CJA8Wai6M
Score

10^/10

xloader gzcj loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  6xvjduoucppa.dll
- Size
  
  11KB
- MD5
  
  5c05b7632a19f8b04717a76aae9e2659
- SHA1
  
  a4b1062e88f9170917ec5a9b251bd739f995c3c8
- SHA256
  
  b574aefc953483b2e57dca1653bfec41d14d0c0d460a0e7e778e943d4a1ce364
- SHA512
  
  eaef74792c64f675add11a6392e32e2eed47701add80ac9945301324057aa8778e9afbd3588109a578f3da1ff09000b1c80756ab9b7f6c5f5ef27dde7fb531ce
- SSDEEP
  
  192:OOM8EnrUm2cHjpMTl+p2/mpnTsaqIT9PzRbRit:7EV2cHjpcT/cnNNbRG
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6