xloader

General

Target

bd5e83c955f9182b2b817fab68cebc47_JaffaCakes118
Size

1.9MB
Sample

240823-16feaazend
MD5

bd5e83c955f9182b2b817fab68cebc47
SHA1

d232a8df698fc53cce2c89dbf43a7157f244b51c
SHA256

fc37dadf423f8e7a11742feee96ae0451905ce574e80eb7a1221b044946611eb
SHA512

174004cd0303edc684896ee2b23aa010a1ed0af1a741143ea70ba12e9281319c1383b9861b6df29ad5cd917edcb117325717da5bd42862defb7ca262ac26e51c
SSDEEP

24576:+nwvFd1jDiT4Wo8+sj1sqypu39GWG4UJKW1miLFeCXDMDYE:qwVBWo8zgWG4UJKW1miLFeCXDMDYE

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ur06

Decoy

philippebrooksdesign.com

cmoorestudio.com

profille-sarina23tammara.club

dqulxe.com

uiffinger.com

nolarapper.com

maconanimalexterminator.com

bisovka.com

loveisloveent.com

datication.com

spxo66.com

drhelpnow.com

ladybug-cle.com

macocome.com

thepoppysocks.com

eldritchparadox.com

mercadolibre.company

ismartfarm.com

kansascarlot.com

kevinld.com

Targets

- Target
  
  bd5e83c955f9182b2b817fab68cebc47_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  bd5e83c955f9182b2b817fab68cebc47
- SHA1
  
  d232a8df698fc53cce2c89dbf43a7157f244b51c
- SHA256
  
  fc37dadf423f8e7a11742feee96ae0451905ce574e80eb7a1221b044946611eb
- SHA512
  
  174004cd0303edc684896ee2b23aa010a1ed0af1a741143ea70ba12e9281319c1383b9861b6df29ad5cd917edcb117325717da5bd42862defb7ca262ac26e51c
- SSDEEP
  
  24576:+nwvFd1jDiT4Wo8+sj1sqypu39GWG4UJKW1miLFeCXDMDYE:qwVBWo8zgWG4UJKW1miLFeCXDMDYE
Score

10^/10

xloader ur06 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2