xloader

General

Target

880bb1c0b442c92fea3602cc77135382_JaffaCakes118
Size

212KB
Sample

240810-25t2qashqm
MD5

880bb1c0b442c92fea3602cc77135382
SHA1

bf73618ed6ea7587ba17efdbd63b187e820512ae
SHA256

8241caa4d6c5a09290864492d19dee143f0f80074d370135c0f91bad01c16ee3
SHA512

d5915d1ae8d95d2faf0c8bb6cda819968056b34eee75c6038778f0ab0c9c211b21242910c8ece277cc6b5f4ab423fd4f7f4c44fde1fc3b4bd8ddec1db7cef1f8
SSDEEP

6144:bx/MNFATnKiCth1LdHYrkMkmtdjG7rKMQn78:xWFTiKhlZYAgi7+MW8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ivay

Decoy

b4ukid.com

missioncontrol2030.com

chriswhitefoto.com

guepard-marine.com

getlauded.com

jingdonglm.com

clintlove.com

boldstrategicmedia.com

bluebay3dwdmall.com

aishag.com

forexexpoaward.com

basslakedisposal.com

bukannyaterbuai36.com

learntrhc.com

cancunpolo.com

case-cornershop.com

tahiticomplementos.com

dashanzhf.com

wholeholistichealth.com

inass-yassin.com

Targets

- Target
  
  880bb1c0b442c92fea3602cc77135382_JaffaCakes118
- Size
  
  212KB
- MD5
  
  880bb1c0b442c92fea3602cc77135382
- SHA1
  
  bf73618ed6ea7587ba17efdbd63b187e820512ae
- SHA256
  
  8241caa4d6c5a09290864492d19dee143f0f80074d370135c0f91bad01c16ee3
- SHA512
  
  d5915d1ae8d95d2faf0c8bb6cda819968056b34eee75c6038778f0ab0c9c211b21242910c8ece277cc6b5f4ab423fd4f7f4c44fde1fc3b4bd8ddec1db7cef1f8
- SSDEEP
  
  6144:bx/MNFATnKiCth1LdHYrkMkmtdjG7rKMQn78:xWFTiKhlZYAgi7+MW8
Score

10^/10

xloader ivay discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  y0zm8a3.dll
- Size
  
  10KB
- MD5
  
  97a4b8d2d5f382d5f8ac8729cf275a10
- SHA1
  
  9cec1d44b8c2b1969bc3e2462bf5a781e60838ae
- SHA256
  
  ed7c4b5835e0dd5b8898edb8293c42558aa3dc893ae20a6d0b2a5336e1bd792d
- SHA512
  
  ab24b022d91a475eabe81d2512899ec8f62ee8d6e44142ffbed2302f080963c362ae5d0ba9efc70ed71350280e007d0843d60f1f26611233425317110ac902d0
- SSDEEP
  
  192:WzCVq0vekzSzeLIaRXUPyzJ2pCA6orBhysZKyqwlMw:WIPSzeMPyzJ2p96orSsYyqQM
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6