xloader

General

Target

db70d6b73724df85b1a004112b62a8df_JaffaCakes118
Size

805KB
Sample

240911-3t9hpszemp
MD5

db70d6b73724df85b1a004112b62a8df
SHA1

357943c19becd73eb82afde209fb31dd6bb5fbfa
SHA256

21663180827caf7f2dfb9bb17db9e9b69ff0a867f2901f148b134d323efb802c
SHA512

12de32c136aa44ab9b4ff4709782a7da3882d47a5a4b48c9c086bc6f73e0904569b3cfd4e1541c9ae94116fe4944f208d230624b724c6938b6fd1daa27b97723
SSDEEP

24576:p3GH3Nbwuns9skinW7xqJ1hiptHs1Y7fybeMoo3M6IF0R1/utasoW:p3GH3Nbwuns9skinWC10M1Yebio86I0K

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uszn

Decoy

animegriptape.com

pcpnetworks.com

putupmybabyforadoption.com

xn--jvrr98g37n88d.com

fertinvitro.doctor

undonethread.com

avoleague.com

sissysundays.com

guilhermeoliveiro.site

catholicon-bespeckle.info

mardesuenosfundacion.com

songkhoe24.site

shoecityindia.com

smallbathroomdecor.info

tskusa.com

prairiespringsllc.com

kegncoffee.com

clicklounge.xyz

catholicendoflifeplanning.com

steelobzee.com

Targets

- Target
  
  db70d6b73724df85b1a004112b62a8df_JaffaCakes118
- Size
  
  805KB
- MD5
  
  db70d6b73724df85b1a004112b62a8df
- SHA1
  
  357943c19becd73eb82afde209fb31dd6bb5fbfa
- SHA256
  
  21663180827caf7f2dfb9bb17db9e9b69ff0a867f2901f148b134d323efb802c
- SHA512
  
  12de32c136aa44ab9b4ff4709782a7da3882d47a5a4b48c9c086bc6f73e0904569b3cfd4e1541c9ae94116fe4944f208d230624b724c6938b6fd1daa27b97723
- SSDEEP
  
  24576:p3GH3Nbwuns9skinW7xqJ1hiptHs1Y7fybeMoo3M6IF0R1/utasoW:p3GH3Nbwuns9skinWC10M1Yebio86I0K
Score

10^/10

xloader uszn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2