xloader

General

Target

81fc1fc53243dca652b462d903eeba40_JaffaCakes118
Size

535KB
Sample

240801-2etm9stgmf
MD5

81fc1fc53243dca652b462d903eeba40
SHA1

342e2fcbb9f3eba8dcffea5631ee8b1925884f80
SHA256

f6b04e5510e9aea04907077edff587db5c4140c90179da4449c75aee787f0c73
SHA512

ddf4968a3448ea50be115d9b30b7a7e4916438e0eefc985dca86f3013a1ef86a54f8efdcc3a28852be08662d13b404764a92ef0e86f001affa7ebe782fd8d8f1
SSDEEP

12288:P2ACbYQjoiuM3JRI2QzP6+vvea2AZnre30:tCbYQjoBM3JRI1P6+vWadtrP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

h3qo

Decoy

dhflow.com

jyindex.com

ezcleanhandle.com

trungtamcongdong.online

simsprotectionagency.com

easylivemeet.com

blackvikingfashionhouse.com

52banxue.com

girlsinit.com

drhemo.com

freethefarmers.com

velvetrosephotography.com

geometricbotaniclas.com

skyandspirit.com

deltacomunicacao.com

mucademy.com

jaboilfieldsolutions.net

howtowinatblackjacknow.com

anytimegrowth.com

simranluthra.com

Targets

- Target
  
  81fc1fc53243dca652b462d903eeba40_JaffaCakes118
- Size
  
  535KB
- MD5
  
  81fc1fc53243dca652b462d903eeba40
- SHA1
  
  342e2fcbb9f3eba8dcffea5631ee8b1925884f80
- SHA256
  
  f6b04e5510e9aea04907077edff587db5c4140c90179da4449c75aee787f0c73
- SHA512
  
  ddf4968a3448ea50be115d9b30b7a7e4916438e0eefc985dca86f3013a1ef86a54f8efdcc3a28852be08662d13b404764a92ef0e86f001affa7ebe782fd8d8f1
- SSDEEP
  
  12288:P2ACbYQjoiuM3JRI2QzP6+vvea2AZnre30:tCbYQjoBM3JRI1P6+vWadtrP
Score

10^/10

xloader h3qo discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Beds Protector Packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2