xloader

General

Target

c1a77dddf52f12af022d82471e6bdf19_JaffaCakes118
Size

864KB
Sample

240825-1mp5dawhke
MD5

c1a77dddf52f12af022d82471e6bdf19
SHA1

c39c5f47d73dd8a0b7fd2ebaad7a7b57a92d0ea0
SHA256

5528ee96b8cefda8ec99999701a1673fb0dff17a8e603f2c8ccd3abac08f7489
SHA512

b0825bccffaa39791d19919f0ae3f95f384c9da6aad24f50d3623267da266ddde95eb7f0d3777e33cc013a0fe770230a8e03501b7b32d1834528b61af14b60cb
SSDEEP

24576:BM94rYW6Z7iYtU+wkx8JwKD84r9kMXW+mj:mnZ7iYtCwi8SHvmj

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uidr

Decoy

dulichsongcham.com

cash-royal.com

geneseewildlifetrapping.com

9cc9x79m3y2.com

ntjjzx.com

joinglooko.com

upmchealhtrak.com

hookandcask.com

orca-web.com

ag3holdings.com

empoweredinvestmentstx.com

lustywall.com

rcpelaurentides.com

goyalcoorchidnirvanatwo.homes

iotajinn.com

littlemlive.com

hippocratesbio.com

ashleysema.design

175a45.xyz

bpocompaniesphilippines.com

Targets

- Target
  
  c1a77dddf52f12af022d82471e6bdf19_JaffaCakes118
- Size
  
  864KB
- MD5
  
  c1a77dddf52f12af022d82471e6bdf19
- SHA1
  
  c39c5f47d73dd8a0b7fd2ebaad7a7b57a92d0ea0
- SHA256
  
  5528ee96b8cefda8ec99999701a1673fb0dff17a8e603f2c8ccd3abac08f7489
- SHA512
  
  b0825bccffaa39791d19919f0ae3f95f384c9da6aad24f50d3623267da266ddde95eb7f0d3777e33cc013a0fe770230a8e03501b7b32d1834528b61af14b60cb
- SSDEEP
  
  24576:BM94rYW6Z7iYtU+wkx8JwKD84r9kMXW+mj:mnZ7iYtCwi8SHvmj
Score

10^/10

xloader uidr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2