xloader

General

Target

72283d2934590477196a68be6a4461ab_JaffaCakes118
Size

532KB
Sample

240726-ccwx6sygql
MD5

72283d2934590477196a68be6a4461ab
SHA1

35335688c995b13857ebd77a45f081d1de721829
SHA256

b11e28ea95617f3fcbbf7b15afca6965a0cf3ba50965e03c84f41cb1955bc5ff
SHA512

5137c547d5e1daa7b07148059fb18d59d99f33dbaf786e8ed0b10c79fd05c93bf73e236c582d7e33304bfe9d5945637270fbb6149485987d7f362c1719224f87
SSDEEP

12288:XEp95pUGVHdTWjVzekgfxpjQsIAjsADP9VvFqrr3MkMzhFWlWrlJ:CPiGVHpWRze5xpN7D74rwkMbWM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uidr

Decoy

dulichsongcham.com

cash-royal.com

geneseewildlifetrapping.com

9cc9x79m3y2.com

ntjjzx.com

joinglooko.com

upmchealhtrak.com

hookandcask.com

orca-web.com

ag3holdings.com

empoweredinvestmentstx.com

lustywall.com

rcpelaurentides.com

goyalcoorchidnirvanatwo.homes

iotajinn.com

littlemlive.com

hippocratesbio.com

ashleysema.design

175a45.xyz

bpocompaniesphilippines.com

Targets

- Target
  
  Quotation.exe
- Size
  
  864KB
- MD5
  
  c1a77dddf52f12af022d82471e6bdf19
- SHA1
  
  c39c5f47d73dd8a0b7fd2ebaad7a7b57a92d0ea0
- SHA256
  
  5528ee96b8cefda8ec99999701a1673fb0dff17a8e603f2c8ccd3abac08f7489
- SHA512
  
  b0825bccffaa39791d19919f0ae3f95f384c9da6aad24f50d3623267da266ddde95eb7f0d3777e33cc013a0fe770230a8e03501b7b32d1834528b61af14b60cb
- SSDEEP
  
  24576:BM94rYW6Z7iYtU+wkx8JwKD84r9kMXW+mj:mnZ7iYtCwi8SHvmj
Score

10^/10

xloader uidr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2