xloader

General

Target

6eede7c5b08dcd2860119d4f456be572_JaffaCakes118
Size

1.9MB
Sample

240725-ky692azcml
MD5

6eede7c5b08dcd2860119d4f456be572
SHA1

9d47c2ac288d9cee2b79dec75fc4f6b6b0ab0fb2
SHA256

5a88f2832e625232b811db9715dcbb1058f9b33ae86677a95c3482ba66f2b98f
SHA512

49a5a2c1e1ab9a26cdcf93711cc2c54a34f686feeec6bbb57a71cefb31d3f914d31afa0e1fe6edbfdf6220635e33245d36e29a8f14f691f03f66fef3c7df598a
SSDEEP

24576:ZNmnNPidL6R8S4RMkLWRzFGscXzmExOEY4UJKW1mTLFeCXDMDYxN7:eNtzGsmY4UJKW1mTLFeCXDMDYxN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bw82

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  6eede7c5b08dcd2860119d4f456be572_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  6eede7c5b08dcd2860119d4f456be572
- SHA1
  
  9d47c2ac288d9cee2b79dec75fc4f6b6b0ab0fb2
- SHA256
  
  5a88f2832e625232b811db9715dcbb1058f9b33ae86677a95c3482ba66f2b98f
- SHA512
  
  49a5a2c1e1ab9a26cdcf93711cc2c54a34f686feeec6bbb57a71cefb31d3f914d31afa0e1fe6edbfdf6220635e33245d36e29a8f14f691f03f66fef3c7df598a
- SSDEEP
  
  24576:ZNmnNPidL6R8S4RMkLWRzFGscXzmExOEY4UJKW1mTLFeCXDMDYxN7:eNtzGsmY4UJKW1mTLFeCXDMDYxN
Score

10^/10

xloader bw82 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2