xloader

General

Target

439ec2917b590c3172a790f519f751b7_JaffaCakes118
Size

430KB
Sample

240713-2jaqyszenn
MD5

439ec2917b590c3172a790f519f751b7
SHA1

5280d1249d0ca942d22d6c78cf864f129d867b65
SHA256

6dbd578bacfac6bee49b778b85cd62926c65a7f23bb33ceec705686474308898
SHA512

012e86735aeac946c4f9d419befa80801f8912c711eb33531e49bb11b993ac339c845e1a2761485f0e2d37e1e5d877201542ba5927a9c90cc371683045bb5ebf
SSDEEP

6144:G8LxBVkCInwNqWBD5Xz560A5A8/0FwN47sfJUhhRXmRNOE6SIfBQW8aFm6HlVGjM:bFBtLAq8c7bhh/l58aA6FVGj45

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

da5x

Decoy

alles-abgedeckt.com

bluetv.club

iphone13.onl

the-new-era.space

rezeromanga.net

dgwb1.com

fetch-an-us-itchy.zone

attmleather.com

clearthefear.com

clinmedicaresearch.com

dancinghares.biz

permitsgestaodetributosad.com

108manga.com

arrivalofthelightbeings.com

sasanos.com

yfpawn.com

hongduozhong.online

abqcraftshows.net

100edwardsimpson.com

comprayventachatarra.com

Targets

- Target
  
  439ec2917b590c3172a790f519f751b7_JaffaCakes118
- Size
  
  430KB
- MD5
  
  439ec2917b590c3172a790f519f751b7
- SHA1
  
  5280d1249d0ca942d22d6c78cf864f129d867b65
- SHA256
  
  6dbd578bacfac6bee49b778b85cd62926c65a7f23bb33ceec705686474308898
- SHA512
  
  012e86735aeac946c4f9d419befa80801f8912c711eb33531e49bb11b993ac339c845e1a2761485f0e2d37e1e5d877201542ba5927a9c90cc371683045bb5ebf
- SSDEEP
  
  6144:G8LxBVkCInwNqWBD5Xz560A5A8/0FwN47sfJUhhRXmRNOE6SIfBQW8aFm6HlVGjM:bFBtLAq8c7bhh/l58aA6FVGj45
Score

10^/10

xloader da5x loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/gnokeofcx.dll
- Size
  
  17KB
- MD5
  
  1d6dbd89d81d6216f259c9f35c40c42c
- SHA1
  
  b0b25bbb32c2c8b06e8a2a12706ca25e85bfb850
- SHA256
  
  781e084ab8b4ee8388ff2cbc44c502f0d1aa164556c80931ca12a9e8d525f500
- SHA512
  
  aa94d3ac2e64901141fc3102263f547e245546ba44db4215848063206d9fbb7af6e4dde075fd8ac16a06e0c8ab94f56922b2dc76b4fe301ba436f106e0cbe856
- SSDEEP
  
  192:/w8mw6RAHEkXkbrbrzXGUk9e95P7ZnOddr6g29SayucE3ROCRh1TIyWW9ShyYQlq:/ZmwskUvqUdOddr12TLRU5ydeok
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4