xloader

General

Target

48040163b5b5e2d2deca93bdba8014b2_JaffaCakes118
Size

282KB
Sample

240715-dz1ejsydkb
MD5

48040163b5b5e2d2deca93bdba8014b2
SHA1

761936381c258d755a86830789fb3e02b7c4896a
SHA256

816678f27a605539befc4304ad9d82a8b95a6292180616de67b5861e0cd0a44e
SHA512

716933031ad850c35ba4b3aa572df88e20ad61eca6cd76cf761edde57fb6e0b9fc85bfbf83f4bc7dd9e750b8a7930fca39ff2389a2acc95fa50cd2fc303fc93e
SSDEEP

6144:qqjIp2Tdl/KdPGf8EMTXZ8YVDcjCCKopU+mQfVYKt:Lu2dYRXZ8QHIC+mQr

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gh6n

Decoy

cpschoolsschoology.com

thestocksforum.com

pixiewish.com

sopressd.com

muktokontha.com

tiejiabang.net

fdo.technology

kuringnl.com

barbarapastor.com

21stcenturytrading.com

digiwarung.com

canvafynyc.com

forfaitinghouse.com

3704368.com

mymonwero.com

ponpow.com

fringe.golf

heartfeltindonesia.com

defensivedrivercpc.com

allaboutgt.com

Targets

- Target
  
  Q210203W.exe
- Size
  
  220KB
- MD5
  
  fa56b6d31bcdbe7a969c432099c28611
- SHA1
  
  7ff0f279a8ed6759ea3344f484cd82d174896c20
- SHA256
  
  2b9cc84b89000fae34b2808cfbc40c76a0f9f40f02aad848c3789b2fc347ccf0
- SHA512
  
  25eeb37a943edd0cb193673644e1f60bebbf26d85951a4802c82bc56dc85dc524ec82c8d725edaf1285edf998fc193613ba8522cb649bf0ba1cc9c8edbf366eb
- SSDEEP
  
  6144:4qjIp2Tdl/KdPGf8EMTXZ8YVDcjCCKopU+mQfVYKt:1u2dYRXZ8QHIC+mQr
Score

10^/10

xloader gh6n loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  Isdjek.dll
- Size
  
  10KB
- MD5
  
  736d1bc5cb5ad0af70d6a94b768f2803
- SHA1
  
  5cd2f1e890d3f493dc61c05130c8ca2979ee0bb4
- SHA256
  
  1bba6e6e13f028e67d529d52e3614b607536f718b5d8e0aa6cd98f1aa15101b7
- SHA512
  
  909e33ffdbbe3c6f797e3eea14d5722addbbe3e5c9cb085dc2edbd8d69942de3d6dd58a57f5476a5e255b80b50869a516814b1b9791c388a2fb7749ca246cbff
- SSDEEP
  
  192:aM4myTKvnKiCON7bop/HuOaAn6MsdHGlK3cn84M2Wk7I9Hb2t:2rmCCopWO7nBnlGc8I7I9H
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6