xloader

General

Target

79f38751442d5415f9e110082cd8bae2_JaffaCakes118
Size

350KB
Sample

240730-zfbsqsxeqn
MD5

79f38751442d5415f9e110082cd8bae2
SHA1

c512fce4ecfdf120f87683d3c2473943f4d90d49
SHA256

8312fc4d30ce5fb885603cc944258f2698e263ebc7266e35209a6d9e55ffe11f
SHA512

2410c9b07db02863822a40b7dc94005f105bf45210054bcab5ad74d812b9b7d2ef9334df60ef18cf7cbb9e6cca937cb5c0ad1e099d890edd0b5969280da31ea2
SSDEEP

3072:uBkfJpRXATwMdFCceYx5itL1f11Wz0M2U8RTBJNChHBKBULaAnb0J+pERJ6dLA/m:uqjIaK4ZUKHxEaOyl9zKj7icn7X

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gzcj

Decoy

localzhops.com

cfsb114.com

sweetiefilms.com

cyclewatts.com

bubblesportsevent.com

halloween-r-us.com

rcdzsm.com

reelatioens.com

uniquegranitebenefits.com

chainlinkdex.com

topcoolhlist.com

ivy-apps.com

shopmajesticqueendom.com

ddiesels.com

ventajuguetessexuales.online

daylight93245.com

heiyingxitong.com

personalfashion.guru

usadrugfree.com

beyondcareersuccess.com

Targets

- Target
  
  Order 54409880043.exe
- Size
  
  288KB
- MD5
  
  87f3204605783b5198fbaeada397a16b
- SHA1
  
  60344bb072a9825cda08b0335c3874986b907353
- SHA256
  
  1382bae50eece1846b8d858d0f975b900eb1a5908f789333c55b1341b1b0d57b
- SHA512
  
  bfddf86d1ca3fb0c499e6ea4657e1711c4a7a1803728729f60b52573152255a02d62d4a8d0d84b05481bd0e2573f541c37d25a0b5cbf58c181131d941065fe0b
- SSDEEP
  
  3072:QBkfJpRXATwMdFCceYx5itL1f11Wz0M2U8RTBJNChHBKBULaAnb0J+pERJ6dLA/W:QqjIaK4ZUKHxEaOyl9zKj7icn7Xt
Score

10^/10

xloader gzcj discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  215bk9gx2i8m.dll
- Size
  
  11KB
- MD5
  
  3c1357905197e81f502c9b0c4630c47c
- SHA1
  
  29121873e5d0504b22ee39a76f9538860184131d
- SHA256
  
  0d330bbfd4cdef061cd8be5d5e9aac38484b197b52192327ddf1d2591505323c
- SHA512
  
  833cf083f7ec5ece597ac0f6437321f12d140e671710f3aa0d9a789c20241ee2ba2492cf2b5d4bc0e93d12d6b4ac00e8f700502c284b44b2ab1bdb184bae7c03
- SSDEEP
  
  96:OvN1R2Rhg/EerHXJY5joqgQZYSp4Ymru9PPEGvM3Q8BHG0LjdWqam8+4pb3lFrXB:O7Mvg350fP4fuc9Hfwxm8BxFXuNyyP
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6