xloader

General

Target

8ad07c872b26836c027aeb4d8ad17c77_JaffaCakes118
Size

286KB
Sample

240811-sc8vqsvark
MD5

8ad07c872b26836c027aeb4d8ad17c77
SHA1

2c0aae38635c6378693149e3fd23138af006c260
SHA256

5101663e1850401504dd1e56231725be9a3001ed01e99fa88d348b9511c52f4d
SHA512

ac9cb6104b0450f5bcae4c17b528b3005c868958475677b67561032a5c5cf5d498d4f75b2ac4d784cfe75fd6f433ac6ad31d04767426a8f1d5238a18714a34cc
SSDEEP

6144:gqjIJKoE5Z+QQ7ZE6MXq8L3qtEthgODYmB24bSUa1t:tUKojQQKLPDV9Sr

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pkfa

Decoy

keto-easy.xyz

shizuoka-kensetsukyoka.com

biubiu.one

thepainreliefsolution.com

realternews.com

kienthucthuvi.online

bernardrobert.com

superheroesindisguise.com

albacafe.com

disocverpersonaloans.com

crimson-explicit.com

darkwidowerhumor.com

shamanredfox.com

zeno-services.com

worksmade.com

danielsenterprisesllc.com

dolebs.com

gewoongroen.com

maxtrustplumbing.com

katiebethhedges.com

Targets

- Target
  
  8ad07c872b26836c027aeb4d8ad17c77_JaffaCakes118
- Size
  
  286KB
- MD5
  
  8ad07c872b26836c027aeb4d8ad17c77
- SHA1
  
  2c0aae38635c6378693149e3fd23138af006c260
- SHA256
  
  5101663e1850401504dd1e56231725be9a3001ed01e99fa88d348b9511c52f4d
- SHA512
  
  ac9cb6104b0450f5bcae4c17b528b3005c868958475677b67561032a5c5cf5d498d4f75b2ac4d784cfe75fd6f433ac6ad31d04767426a8f1d5238a18714a34cc
- SSDEEP
  
  6144:gqjIJKoE5Z+QQ7ZE6MXq8L3qtEthgODYmB24bSUa1t:tUKojQQKLPDV9Sr
Score

10^/10

xloader pkfa discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  jp8cqc2kcb7or.dll
- Size
  
  11KB
- MD5
  
  8b97d5be5fb88bfaa64ce33589f31c64
- SHA1
  
  814ee5c903f04bb898fa7b16a5f7693de688f2d1
- SHA256
  
  5dcedcbc25fdf6d6f64253cc4fe40ad69d28406dd6971532f6a985e6d89ee84b
- SHA512
  
  91053bfb9a374d3b5ad684cb6fa9878da32ad921392d2ebf8f1e6630a4ceeb02ea85c44d831115704e1de406de8b959244b77a3c2c621d318e2112c63c5f27f3
- SSDEEP
  
  192:bc4E4WPKs/CicOdiB3aa6lN5yw/gXHdw0Qb6cFDC3mfH:AbBTaird55EwfBDC3yH
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6