xloader

General

Target

6e34001bb77d8e955a7cd991740ec0c4_JaffaCakes118
Size

309KB
Sample

240725-fj9dmashja
MD5

6e34001bb77d8e955a7cd991740ec0c4
SHA1

9eeb420429e1683c7d9eded687f2d636cdcdedcd
SHA256

0dcae706c2202b2c3175b258e1ed929f0e34871e0b4ef25b837747ca7407fd17
SHA512

2426d2f49bb4b9cf02727ecf64d07fd0502a8c47969f0dbd9f88779d80d200b4672369980b89c17be9fbc465a30df24010e859b8164339ea6dc9c0ba3704cb75
SSDEEP

6144:wBbCXvWRH+UKsvIuIeOmlTUzuyOlz5AW43EtMcRL/CB0nXzowVhUK6PN:AbCdbsQuIglTUCya5mv+FnXzzhUK6PN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

csw6

Decoy

peterheesbeen.net

siberianheartpinefloors.com

stylishfreaky.com

paradiseengineers.com

mlmjewelry.com

bladerunnerzbarbershop.com

onkenradio.com

customwoodcuttingboards.com

xiaohaiysw.com

wosijm.com

officialstacicarr.com

happythanksgiving.info

neceelinef1bgoldendoodle.com

offthewagonpedaltours.com

sxhwxf.com

terrellauction.com

cupeniss.com

basilstores.com

18fap.net

pinkpiegroup.com

Targets

- Target
  
  Parcel _009887 .exe
- Size
  
  343KB
- MD5
  
  5a4d698774dca687006647cf8ae2f74c
- SHA1
  
  94cd9c7a16cdb81e407d6f3b5f86ab7f78f198b2
- SHA256
  
  6ffcc0ba3c226b49b67548dc794b8f15ffa4819c71db0141a79e538567b90916
- SHA512
  
  464649d25067e9d92d3827a5059930ba3f92cd8585a456361802e99b55acf15993b3d8e96fa34e2e4a535223458e21e0f3c406f3633ee3409a6dbfb524053555
- SSDEEP
  
  6144:GJgNxGOhj+Sswa9Y8Vp5YsiTRA0BDw9Aa/zGGrBgdxfPoPq6mJxATu6XY:G+Zj+3rlIzBDYA8zZSIPq6mJxAKQY
Score

10^/10

xloader csw6 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Core1 .NET packer
  Detects packer/loader used by .NET malware.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Core1 .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2