xloader

General

Target

b04b0416c7a562416e58c07fb38699a7_JaffaCakes118
Size

699KB
Sample

240820-wstbrswejd
MD5

b04b0416c7a562416e58c07fb38699a7
SHA1

e0737cd598cd24a694632f81bb274d1e8792840a
SHA256

19492b5df68b96dd4dd552f1a4735f795fa8bedef47ac95f1336d9731ec5edd2
SHA512

ab541f799016fcf96e89d5e64232cbc94544e777875b8d8c33a68dc058467dfd53da09b11e911a0d654e0109d4e5e353dfaaaec1753b35f6dad8a8d8be22fd02
SSDEEP

6144:0leWOQ+3HwOExxWFVBHtfsrIL7po8wutYF7Ke2ubf3XJvf9NGJUa/tnhn4122Irm:moXz68Le8wuOF7KeL3XJv10U4l4l

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

scb0

Decoy

introlly.com

slowtravelco.com

sasanos.com

3424soldbastrophwy.com

isabelaefernando.net

0754fm.com

meta-bot.xyz

778tt8.com

krallechols.quest

lipagent.com

dermaqueeniran.com

psychoterapeuta-wroclaw.com

marmorariapiramide.online

luxonealbery.com

floridawp.com

nebobuild.com

facillitiespro-sweep.com

wwgzj.com

puffsmoke.online

cryptofuelcars.com

Targets

- Target
  
  b04b0416c7a562416e58c07fb38699a7_JaffaCakes118
- Size
  
  699KB
- MD5
  
  b04b0416c7a562416e58c07fb38699a7
- SHA1
  
  e0737cd598cd24a694632f81bb274d1e8792840a
- SHA256
  
  19492b5df68b96dd4dd552f1a4735f795fa8bedef47ac95f1336d9731ec5edd2
- SHA512
  
  ab541f799016fcf96e89d5e64232cbc94544e777875b8d8c33a68dc058467dfd53da09b11e911a0d654e0109d4e5e353dfaaaec1753b35f6dad8a8d8be22fd02
- SSDEEP
  
  6144:0leWOQ+3HwOExxWFVBHtfsrIL7po8wutYF7Ke2ubf3XJvf9NGJUa/tnhn4122Irm:moXz68Le8wuOF7KeL3XJv10U4l4l
Score

10^/10

xloader scb0 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2