xloader

General

Target

adc061ae7d0c3e314551eb5d19102abc_JaffaCakes118
Size

288KB
Sample

240820-eam9cssbla
MD5

adc061ae7d0c3e314551eb5d19102abc
SHA1

1b714f68260af3dc9d41d6b2341a1e9b5c711aad
SHA256

011d8eb0651ac5abaf961f5ac9d820aaf6b097090d7aed4c23243bba22aab598
SHA512

cf7e2de87823c07fdeaec37d78fdcac595c65b3986492c129b7537221747bad90d76be2380fe90665362dbbe1acda16de37a8898e7f2f753b110f358279d347a
SSDEEP

6144:tx/MDhXmawdvJQpBQ60U0BpYgbgO+Kl9GPl8:DDawdvRjuKOPi

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

feaw

Decoy

fiber.rentals

escuchatucuento.com

sieteactos.com

sacredconnexions.store

singaporefoodfactory.com

kingbet188.info

archja.com

hofisa.com

belobog.com

smdyw8.com

audi-englewood.com

passyunkpods.com

ajibean.com

paranouille.ovh

yorkmountainwinery.com

viewhomesinnorcal.com

worldwideexpat.com

always-fresh-matters.com

casaespiritaalankardec.com

artofgreatlife.com

Targets

- Target
  
  2021FI30005.exe
- Size
  
  226KB
- MD5
  
  aaeb4ca48de2f02e82a7073f5b7845d3
- SHA1
  
  fe42b6a380d09d09ca116730b167bad2ab642d82
- SHA256
  
  77353f06427f5e7d0e4c28e4d5690700a2cf6789edc0f9c51682dd20bb65bf78
- SHA512
  
  5e703cb507a7436b404b212fd46ae7a2c9bc935aee5f993c04bd8bc594700350016801ca957015614769c80d3a2ab80a52b7e6a08e7f8c146a01696e55259b20
- SSDEEP
  
  6144:yx/MDhXmawdvJQpBQ60U0BpYgbgO+Kl9GPl8f:2DawdvRjuKOPif
Score

10^/10

xloader feaw discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  3qk9.dll
- Size
  
  10KB
- MD5
  
  8f9290de28c93e280c387b72adf45543
- SHA1
  
  305b45d1ca5d6de308cdc76796548a04ec677a98
- SHA256
  
  75597e1e381141f1606bf96c2b7a6c5b7eb1fa3ea65e37152bdb305155776192
- SHA512
  
  7c4694b53e8ad79fc78d5044528026ca3d000434a8b0121b89bfc1335c97b0a242774ed4d96b7a777fd65f034ef1a18d656dbe27967d616157912afe372a49db
- SSDEEP
  
  192:WlnU0vJoAyHzUrI95m2XaM4GGI2gcfo+wZjmqT/:WlFyTUQ5m2K1GPHcDvc
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6