xloader

General

Target

3ea5f2026f29ad304deb032306e375d5_JaffaCakes118
Size

373KB
Sample

240712-yh5m6axfkp
MD5

3ea5f2026f29ad304deb032306e375d5
SHA1

50f89e2a1a07ec4f1ec8ab61f25df2b81fee32a1
SHA256

45fda70b08542ae52a8228a61e317973f42b477583841e384e9817d7d2dd3709
SHA512

b90466a01386446e34eee4c99d01cd8f352847560142a7996b58aaf5de08226b00819fc2e120e9beb9db33e8acd6d71c826d7c0c34bdf208f7682b7ce82477ff
SSDEEP

6144:EqjIxyyzQzgMajtKspN4AqZ6q58lkbIfnWud17VJEnXmt:xayyzQ8FjYulqZ6Jjfnd/J+XW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

dtra

Decoy

dadaocn.com

luxecrownhair.com

defenseforcesol.com

long1021.com

jemfamilyfarm.com

artmarketingtoolkit.com

ferdew.world

imagineer.network

mbirserver.com

3blocks.world

softwarepals.com

bidduhhworks.com

boardsdog.com

ktoboflloa.com

onmerino.com

defiwd.com

araujogrouplv.net

nalgojkes.com

thekalimbachannel.space

xn--vtements-b1a.com

Targets

- Target
  
  3ea5f2026f29ad304deb032306e375d5_JaffaCakes118
- Size
  
  373KB
- MD5
  
  3ea5f2026f29ad304deb032306e375d5
- SHA1
  
  50f89e2a1a07ec4f1ec8ab61f25df2b81fee32a1
- SHA256
  
  45fda70b08542ae52a8228a61e317973f42b477583841e384e9817d7d2dd3709
- SHA512
  
  b90466a01386446e34eee4c99d01cd8f352847560142a7996b58aaf5de08226b00819fc2e120e9beb9db33e8acd6d71c826d7c0c34bdf208f7682b7ce82477ff
- SSDEEP
  
  6144:EqjIxyyzQzgMajtKspN4AqZ6q58lkbIfnWud17VJEnXmt:xayyzQ8FjYulqZ6Jjfnd/J+XW
Score

10^/10

xloader dtra loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  rsqzbmeb.dll
- Size
  
  17KB
- MD5
  
  897c832f3eb442e7f96c20ae05b4de70
- SHA1
  
  31b2460d73f6aff9a4c0c3870bc7f9249ccfcd5f
- SHA256
  
  eb2571fb4662c94ccc62555f342e8ceb726dede6353e2c3991c2c23acaa8d00b
- SHA512
  
  084c4cbcbb8cbcef77c134c7c664905ba0325bf03d90f8a5b8552f6e0ffa3923c98a1e3477541cfef5e325676926f8191ffaaa83e1ad44ee0701462cb2b829fc
- SSDEEP
  
  384:nyUREpuZ9noZ4oiG/gFdmVrRcnFTMc/fja+JnGb+ibc:nywCu9nSZcFoDcnFdGYGbv
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6