xloader

General

Target

95b1387dcc4d63bd61ee0d8d78c83a05_JaffaCakes118
Size

731KB
Sample

240814-mej2ha1hml
MD5

95b1387dcc4d63bd61ee0d8d78c83a05
SHA1

6118fb9588414fa3c77f6f52b6a28e7b2bc2ef2f
SHA256

ec79bbedd58dd5c093422074221dd9dc49a95310d94655d90f68decd7f46321d
SHA512

a3012ad340b6b12a6d0a62ab3ec0313ae90e1a3e240e1c33054cf2d3f80f7a5d40510aecdf14bebd44af016cbe4b714d1f6974f28b0e4c6429a9c15888c77658
SSDEEP

12288:7ESoYEoSTvzz8f3fkd9UTVPra6+13sf8irOhRxuXC:7ESKoG0HYx

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

nid3

Decoy

bocadilleriapk2guadalajara.com

vaccinatedmaid.com

uvoznaroba.com

sore2.com

carphonegadget.com

0543hm.com

valglobalgroup.com

badbogeyclub.com

sonykameraja.biz

dpz831.icu

wyvernmediagroup.com

jason-luttrell.com

joehcq1.com

1aiizsbb.icu

thelousciouscocoon.com

crypto4.education

letrassinfronteras.com

truemovehispeed.com

se25diy.com

cisdax.com

Targets

- Target
  
  95b1387dcc4d63bd61ee0d8d78c83a05_JaffaCakes118
- Size
  
  731KB
- MD5
  
  95b1387dcc4d63bd61ee0d8d78c83a05
- SHA1
  
  6118fb9588414fa3c77f6f52b6a28e7b2bc2ef2f
- SHA256
  
  ec79bbedd58dd5c093422074221dd9dc49a95310d94655d90f68decd7f46321d
- SHA512
  
  a3012ad340b6b12a6d0a62ab3ec0313ae90e1a3e240e1c33054cf2d3f80f7a5d40510aecdf14bebd44af016cbe4b714d1f6974f28b0e4c6429a9c15888c77658
- SSDEEP
  
  12288:7ESoYEoSTvzz8f3fkd9UTVPra6+13sf8irOhRxuXC:7ESKoG0HYx
Score

10^/10

xloader nid3 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2