xloader

General

Target

7ae0efe6574d6662c0a8e4ca59facc3d_JaffaCakes118
Size

361KB
Sample

240731-cjj7ysvhpe
MD5

7ae0efe6574d6662c0a8e4ca59facc3d
SHA1

8018d590037001b2eb512006a9277802dd19b3df
SHA256

d3c68ebad6229b1da92061291639f9b48e3f76fd4c524a9850b4fbb311e180f8
SHA512

63131b0a2c357236b8f5f2f5e7a842ca67541b37fbd7f14b166dbdd1c6a05b055e15d518eb4678c1f2db2284b1158779ddfd849fccf04fd05b4b228c9190cc5d
SSDEEP

6144:q2tv7ERQ+3HwOWOh0ShExAWsodu2cuZjGaDWqsT+FdlWmnA416AQMLY3Znwf4MGK:q0ESoWq07ezAGSS+fJ1pLffuK

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

scb0

Decoy

introlly.com

slowtravelco.com

sasanos.com

3424soldbastrophwy.com

isabelaefernando.net

0754fm.com

meta-bot.xyz

778tt8.com

krallechols.quest

lipagent.com

dermaqueeniran.com

psychoterapeuta-wroclaw.com

marmorariapiramide.online

luxonealbery.com

floridawp.com

nebobuild.com

facillitiespro-sweep.com

wwgzj.com

puffsmoke.online

cryptofuelcars.com

Targets

- Target
  
  7ae0efe6574d6662c0a8e4ca59facc3d_JaffaCakes118
- Size
  
  361KB
- MD5
  
  7ae0efe6574d6662c0a8e4ca59facc3d
- SHA1
  
  8018d590037001b2eb512006a9277802dd19b3df
- SHA256
  
  d3c68ebad6229b1da92061291639f9b48e3f76fd4c524a9850b4fbb311e180f8
- SHA512
  
  63131b0a2c357236b8f5f2f5e7a842ca67541b37fbd7f14b166dbdd1c6a05b055e15d518eb4678c1f2db2284b1158779ddfd849fccf04fd05b4b228c9190cc5d
- SSDEEP
  
  6144:q2tv7ERQ+3HwOWOh0ShExAWsodu2cuZjGaDWqsT+FdlWmnA416AQMLY3Znwf4MGK:q0ESoWq07ezAGSS+fJ1pLffuK
Score

10^/10

xloader scb0 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2