xloader

General

Target

b0831ddebf21044f7035841a270f8546_JaffaCakes118
Size

212KB
Sample

240820-x4qkpaygrb
MD5

b0831ddebf21044f7035841a270f8546
SHA1

89e654590cb02f4f6a646816314737b9dad6f560
SHA256

170eb254fe7cae506272dd7f934000734f55648fcefab6843eca50311a98a07d
SHA512

741d53d5dc4e67df8e336e747a6e5481273e77669fda3e5e4075c566ca980e2458efb2cb4bf694d2a557f79681f87642f8fd318ad2ab31161d5c00cb7ec67182
SSDEEP

6144:IqjIifDkCFmb6vuvZKdzDMofz/FyT2kHrtt:F1fgYmbeGZ+0of42kT

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

09rb

Decoy

chatmeapp.net

jennyandmatt2021.com

myaarpdentalpln.com

valexplorer.com

kobumsnetwork.com

kimschrierforcongress.com

yixun01.com

changxunt.com

finishingtouchfootball.com

stereoslide.com

penipay.com

iregentos.info

thebuzztraders.com

ashleyandwarner.com

idratherbeinbed.com

trysweetlife.com

emuprising.com

theconnectioncure4anewlife.com

wendyallegaert.com

88779599.com

Targets

- Target
  
  b0831ddebf21044f7035841a270f8546_JaffaCakes118
- Size
  
  212KB
- MD5
  
  b0831ddebf21044f7035841a270f8546
- SHA1
  
  89e654590cb02f4f6a646816314737b9dad6f560
- SHA256
  
  170eb254fe7cae506272dd7f934000734f55648fcefab6843eca50311a98a07d
- SHA512
  
  741d53d5dc4e67df8e336e747a6e5481273e77669fda3e5e4075c566ca980e2458efb2cb4bf694d2a557f79681f87642f8fd318ad2ab31161d5c00cb7ec67182
- SSDEEP
  
  6144:IqjIifDkCFmb6vuvZKdzDMofz/FyT2kHrtt:F1fgYmbeGZ+0of42kT
Score

10^/10

xloader 09rb discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  aiktcq2j34.dll
- Size
  
  11KB
- MD5
  
  e72396b2a612239e6c940ea4ea11c7ad
- SHA1
  
  9e5769c57114da40e6e5299a746fbf62d81bd417
- SHA256
  
  360863eda760250d6a21b0e558149b411024cf0a8da2f195b2cdc6a886c1b0c1
- SHA512
  
  934e50b0c928eb0ac905e4692b7517604b3bf41fb7e62dbcb83733d5fc94d584f019fc2d47fe18d38f66e1959517318a942fb978f2612d06cedfb83c1663543b
- SSDEEP
  
  192:rZyPPg35t0RuQhG4DKXFDxw3kbHyroRneDgJ1ZIx:9cct0RbZAxukbIoReDgJ/i
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6