xloader

General

Target

a3471629786819e39c78c4219ae04771_JaffaCakes118
Size

723KB
Sample

240817-ty9jtsxhrl
MD5

a3471629786819e39c78c4219ae04771
SHA1

b94fa145d99416d7c2fed901e83108e257e417eb
SHA256

c0cf68515b3afd73306eaa9c2abdd73f06bfba2943f57fd081e7ae25cfbf7b76
SHA512

24731547612a0ffd8c18e5797a765612fcc9567aed74397a832e9721a14a0b885fd9388ec3724cea038f77c236a72ca7d73946149a1799c75956c7c41c0741ef
SSDEEP

12288:wxojH5jdL/KyCR7PqRo2YQLa3RFC7cvoLTK8bColQVpvlbKmQQUTvSq8MFNBUt:pljBKnRIIQOhKcCTKWlQVhFKmvxqnfBU

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

0tog

Decoy

nordicgeneralcounsel.com

global1pbx.com

schoolcovidmap.com

asfsonline.net

landquestlandscape.com

streetsaheadleisure.com

acterialed.store

supremehtv.com

oregondst.com

gsmits.com

goldershealth.com

ideagroup.one

405eastfirststreetnapa.com

cleidgarciamarket.com

buybeatsbydre.com

icdr1.com

mydivinedelights.com

trotinette-electrique-shop.com

bigbrainmedialv.com

greatheightstours.com

Targets

- Target
  
  a3471629786819e39c78c4219ae04771_JaffaCakes118
- Size
  
  723KB
- MD5
  
  a3471629786819e39c78c4219ae04771
- SHA1
  
  b94fa145d99416d7c2fed901e83108e257e417eb
- SHA256
  
  c0cf68515b3afd73306eaa9c2abdd73f06bfba2943f57fd081e7ae25cfbf7b76
- SHA512
  
  24731547612a0ffd8c18e5797a765612fcc9567aed74397a832e9721a14a0b885fd9388ec3724cea038f77c236a72ca7d73946149a1799c75956c7c41c0741ef
- SSDEEP
  
  12288:wxojH5jdL/KyCR7PqRo2YQLa3RFC7cvoLTK8bColQVpvlbKmQQUTvSq8MFNBUt:pljBKnRIIQOhKcCTKWlQVhFKmvxqnfBU
Score

10^/10

xloader 0tog discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2