xloader

General

Target

c23cd3266f9085ba12e269d4ddc79fc2_JaffaCakes118
Size

227KB
Sample

240826-ej1aaatdqb
MD5

c23cd3266f9085ba12e269d4ddc79fc2
SHA1

ac9fd1bfddfd284f337401c8e8ebb3c2f383888e
SHA256

cfc09cd2a2109a174ccbc346779f2e19316be4601173e2e85c3e4314cc139017
SHA512

b616107756ac12316491bf13eeb4815ee35fcc30ff25617728825e05abf1c28482bcb95bad86e860b600ff1fec6ca3fd8390e21af16ac398a637436328dc7c99
SSDEEP

6144:ix/MjhXmaBmrBnzDKhWye8yLL3pgndztwH2X:GDaBmNX6W78yLTKnh

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

cna8

Decoy

exceptionalhospital.com

agshorizon.com

sabaisurfing.com

kathrynprosser.com

news-roma.com

lareinadelosalisados.com

iregretnotcomingupwithit.com

dreamwrldrp.com

brickhallschool-ng.com

exgobal.com

ojcllc.com

pineviewsunrise.com

ru-joking.com

theparkplasticsurgery.com

mouthsecond.today

princessmasksandapparel.com

onlinedavetiyecim.com

animegirls.xyz

heicat.club

brazillianallstars.com

Targets

- Target
  
  c23cd3266f9085ba12e269d4ddc79fc2_JaffaCakes118
- Size
  
  227KB
- MD5
  
  c23cd3266f9085ba12e269d4ddc79fc2
- SHA1
  
  ac9fd1bfddfd284f337401c8e8ebb3c2f383888e
- SHA256
  
  cfc09cd2a2109a174ccbc346779f2e19316be4601173e2e85c3e4314cc139017
- SHA512
  
  b616107756ac12316491bf13eeb4815ee35fcc30ff25617728825e05abf1c28482bcb95bad86e860b600ff1fec6ca3fd8390e21af16ac398a637436328dc7c99
- SSDEEP
  
  6144:ix/MjhXmaBmrBnzDKhWye8yLL3pgndztwH2X:GDaBmNX6W78yLTKnh
Score

10^/10

xloader cna8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  e9hp4zrhw.dll
- Size
  
  10KB
- MD5
  
  efb4c530d67cba244b62b495cf461da2
- SHA1
  
  08ba71eb66ffef70962311e862091aefb735e123
- SHA256
  
  8a85f01867092494ad32e29b1cd117982deddea5b21d83dec5f1f8b9565a3cfc
- SHA512
  
  c035248fb01243b1101c13b59859539e9362984572ce6cd6914b27066bb1acb338f1ff0e51d46266613cb36efbf4489b1d607ade6852f9883a17fde4383546e0
- SSDEEP
  
  192:txhwUnzvGaPveTB2sbbiAC/EE2AJXjysDJo0b0Wsc6SzzgH:Tde7aAaj2KDJpg
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6