xloader

General

Target

9609200e202f371c2e981de8674c0374_JaffaCakes118
Size

210KB
Sample

240814-n97xgswcln
MD5

9609200e202f371c2e981de8674c0374
SHA1

7918b9b64dad3139f8b19658ab08407102c0ab38
SHA256

149bc7bb666f2eabcf946822bd316709ddeeef787f059687415f98c71ad47783
SHA512

1e3c7ef62291f7d5a067086d0308e9e9d85ab3904d7303b269d2b4b70998ca75795e7289277426da28af0bfef16b3fabe42175626e3123dd1d28e4256a6f9506
SSDEEP

3072:4BkfJpRXATwMdFCcCbjmmLYLRX25u3foM5AQcbcKfC3icbsaLaLVMsObC6Rt:4qjI2JU6mAQ9RbjLeMsO5t

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ivay

Decoy

b4ukid.com

missioncontrol2030.com

chriswhitefoto.com

guepard-marine.com

getlauded.com

jingdonglm.com

clintlove.com

boldstrategicmedia.com

bluebay3dwdmall.com

aishag.com

forexexpoaward.com

basslakedisposal.com

bukannyaterbuai36.com

learntrhc.com

cancunpolo.com

case-cornershop.com

tahiticomplementos.com

dashanzhf.com

wholeholistichealth.com

inass-yassin.com

Targets

- Target
  
  9609200e202f371c2e981de8674c0374_JaffaCakes118
- Size
  
  210KB
- MD5
  
  9609200e202f371c2e981de8674c0374
- SHA1
  
  7918b9b64dad3139f8b19658ab08407102c0ab38
- SHA256
  
  149bc7bb666f2eabcf946822bd316709ddeeef787f059687415f98c71ad47783
- SHA512
  
  1e3c7ef62291f7d5a067086d0308e9e9d85ab3904d7303b269d2b4b70998ca75795e7289277426da28af0bfef16b3fabe42175626e3123dd1d28e4256a6f9506
- SSDEEP
  
  3072:4BkfJpRXATwMdFCcCbjmmLYLRX25u3foM5AQcbcKfC3icbsaLaLVMsObC6Rt:4qjI2JU6mAQ9RbjLeMsO5t
Score

10^/10

xloader ivay discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  rva11.dll
- Size
  
  11KB
- MD5
  
  188990101a629d59f5435a64c19b655e
- SHA1
  
  c8fc89b69858fceeeb4f78a3d20cee3f6a0beb42
- SHA256
  
  755ea4c08bae90f85e93cea3865580400c5dd9fe238dde5c59dfd893dcecf4f4
- SHA512
  
  1e0f096551159532ad4d773639792841710c48eacca02b46c05be2c90e1e6b3f87470a3a379461694ffdfbe76509f1f7876f5c045d4bcee250e5905632506597
- SSDEEP
  
  192:LbJZqY7dW36qTJPHjd9kAlndYFzLVaAVNQdIHG2SRUt7:SRqYPHjjdndUzLVhcRY7
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6