xloader

General

Target

839506b9d3655b1259a95797348748ab_JaffaCakes118
Size

366KB
Sample

240809-z5mxastcmb
MD5

839506b9d3655b1259a95797348748ab
SHA1

92e9c881fc6487f3533c873b08099b82c5ad51ab
SHA256

6a545d90b499264c401c3afad3e926547f86349dfc12b9c50700afc0590cfc53
SHA512

5a6a2a7291fc72fdea44c12c93d49657dfbaa5430e678af91f7f6ddc6172650285c94ee61a4f366fb7fded41b618e76892de806b045f40bfbe2fc46836ca86f8
SSDEEP

6144:kt2rERQ+3HwOR3fQHqfY4D5jgL24waD4pd26J8vKRNvHe0f9fqrHTG/fp0:vESoR3kTq58LBwTuvKRNv+0Fi7TG6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sz40

Decoy

simple-tools.store

darielapak.com

bencover.com

profitacceleratorlab.com

palmdesertcatering.com

panthamtek.com

kumilkmall.com

cerulelodge.com

moviesonlinefri.com

stock-333.com

tsgw98.com

9ynrx.info

washedproductions.com

lifestyledesignsessions.com

ferremaxi.com

atlantaluxebnbs.com

hoidotsbirky.quest

bobmell.com

cinqueseitre.com

showtimepictureframing.com

Targets

- Target
  
  839506b9d3655b1259a95797348748ab_JaffaCakes118
- Size
  
  366KB
- MD5
  
  839506b9d3655b1259a95797348748ab
- SHA1
  
  92e9c881fc6487f3533c873b08099b82c5ad51ab
- SHA256
  
  6a545d90b499264c401c3afad3e926547f86349dfc12b9c50700afc0590cfc53
- SHA512
  
  5a6a2a7291fc72fdea44c12c93d49657dfbaa5430e678af91f7f6ddc6172650285c94ee61a4f366fb7fded41b618e76892de806b045f40bfbe2fc46836ca86f8
- SSDEEP
  
  6144:kt2rERQ+3HwOR3fQHqfY4D5jgL24waD4pd26J8vKRNvHe0f9fqrHTG/fp0:vESoR3kTq58LBwTuvKRNv+0Fi7TG6
Score

10^/10

xloader sz40 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2