xloader

General

Target

589e7ca0f06ddb626d2ffb0cd5d96672_JaffaCakes118
Size

727KB
Sample

240729-w83v5syald
MD5

589e7ca0f06ddb626d2ffb0cd5d96672
SHA1

be4cac3604c3d698d8b1770304ac8be18967932d
SHA256

1277fb7fda4e11d5c61a6c07df4af7712070f01e002d54683c879c23e739519f
SHA512

3f4d39373c7e245acaeb47d5ed5b1a748111ba25aa7fb2256ad88577fae283990e335ab42a4129c49fa89328686fd4f07752da4f7036d9abad5727f2e82f84e6
SSDEEP

12288:XOL2EC+KNAlnSVi4dVNkKQqdiuV7a+u9LjyXyM+v9u6G1xgm:XGRYAlnG7T9V7a71j8L+Y6G1xg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

0tog

Decoy

nordicgeneralcounsel.com

global1pbx.com

schoolcovidmap.com

asfsonline.net

landquestlandscape.com

streetsaheadleisure.com

acterialed.store

supremehtv.com

oregondst.com

gsmits.com

goldershealth.com

ideagroup.one

405eastfirststreetnapa.com

cleidgarciamarket.com

buybeatsbydre.com

icdr1.com

mydivinedelights.com

trotinette-electrique-shop.com

bigbrainmedialv.com

greatheightstours.com

Targets

- Target
  
  589e7ca0f06ddb626d2ffb0cd5d96672_JaffaCakes118
- Size
  
  727KB
- MD5
  
  589e7ca0f06ddb626d2ffb0cd5d96672
- SHA1
  
  be4cac3604c3d698d8b1770304ac8be18967932d
- SHA256
  
  1277fb7fda4e11d5c61a6c07df4af7712070f01e002d54683c879c23e739519f
- SHA512
  
  3f4d39373c7e245acaeb47d5ed5b1a748111ba25aa7fb2256ad88577fae283990e335ab42a4129c49fa89328686fd4f07752da4f7036d9abad5727f2e82f84e6
- SSDEEP
  
  12288:XOL2EC+KNAlnSVi4dVNkKQqdiuV7a+u9LjyXyM+v9u6G1xgm:XGRYAlnG7T9V7a71j8L+Y6G1xg
Score

10^/10

xloader 0tog discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2