xloader

General

Target

9cdc77013989babedbb49f791225b55c_JaffaCakes118
Size

844KB
Sample

240816-ehhzlstfqa
MD5

9cdc77013989babedbb49f791225b55c
SHA1

546bf8bf1ad4b9d629076ae1aba710eb06e3d450
SHA256

9ac985172f0449846e538d549c87b676d7b044e6796d80f80685ebda09ac6d25
SHA512

52a9c0e493654e4ef0a0a07d6e81639e14ef364d82f55df7f0288b32c9918f91dc9954ebc8f26fd150cd2a8d9024d263e7ff940e4546374fad35d0686ad070ec
SSDEEP

12288:xyBDejETQe6SF906fNCVuEC9Dqo12W19YmZy214XF6Y9MVAc6eP9:xyBSjEvlv00NpECRRrPZpaFJGVAc6+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

eao

Decoy

littletram.com

vanmetaal.com

clubbingspringbreak.com

intohuman.com

steph.place

ipsumksa.com

paultoon.com

wocwebowecbweogw.com

beverlyhillsmerch.com

vans-athens.com

stylishnailsbyem.com

milletvit.com

pappyjacksburgershack.com

anal-liza.com

lotownerbuilders.com

caffinatics.com

cvbtrading.co.uk

pheasanttrailsgolfcourse.com

wed0888.com

sundeepm.com

Targets

- Target
  
  9cdc77013989babedbb49f791225b55c_JaffaCakes118
- Size
  
  844KB
- MD5
  
  9cdc77013989babedbb49f791225b55c
- SHA1
  
  546bf8bf1ad4b9d629076ae1aba710eb06e3d450
- SHA256
  
  9ac985172f0449846e538d549c87b676d7b044e6796d80f80685ebda09ac6d25
- SHA512
  
  52a9c0e493654e4ef0a0a07d6e81639e14ef364d82f55df7f0288b32c9918f91dc9954ebc8f26fd150cd2a8d9024d263e7ff940e4546374fad35d0686ad070ec
- SSDEEP
  
  12288:xyBDejETQe6SF906fNCVuEC9Dqo12W19YmZy214XF6Y9MVAc6eP9:xyBSjEvlv00NpECRRrPZpaFJGVAc6+
Score

10^/10

xloader eao discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2