xloader

General

Target

e78a8c49a3846c8224702bdfe143d6b9_JaffaCakes118
Size

567KB
Sample

240917-x4py6azhmg
MD5

e78a8c49a3846c8224702bdfe143d6b9
SHA1

f35ee4878252d4a6c38971a0768b2adff12ceffe
SHA256

8f7fa187226287ba3a8858e75b00b021022fbfbc8f1f7ae01557cf692510fe00
SHA512

6902c408ee655a97d3e9c9a056c57716e964f1ef5beaaa40b30a95fad93a8f13167872fa53e7c7a9574c2544ee36f6f2c3bf3fe42063871f0dc89513af0bdc1e
SSDEEP

12288:bEpO29Vm7Fru4efOhizn2MJT6YashlM0JT6YashlMCDvoP:4pXm704Tho2I9ashlV9ashlr8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n092

Decoy

classictilematch.net

joy-one.xyz

paraflexwork.com

eurxtoa.online

azrock-express.com

rojareal.com

weprepareamerica-world.com

boss-investor.com

sportstrainernetwork.com

hoshibanamogurablog.com

thymoscorp.com

dqrygx.com

multispicesindonesia.com

fortydaysaesthetic.com

citycourtlafayetteclass.com

sporexx.com

mahsaparvizi.com

casinort.net

arssaf.com

cupandthoughts.com

Targets

- Target
  
  e78a8c49a3846c8224702bdfe143d6b9_JaffaCakes118
- Size
  
  567KB
- MD5
  
  e78a8c49a3846c8224702bdfe143d6b9
- SHA1
  
  f35ee4878252d4a6c38971a0768b2adff12ceffe
- SHA256
  
  8f7fa187226287ba3a8858e75b00b021022fbfbc8f1f7ae01557cf692510fe00
- SHA512
  
  6902c408ee655a97d3e9c9a056c57716e964f1ef5beaaa40b30a95fad93a8f13167872fa53e7c7a9574c2544ee36f6f2c3bf3fe42063871f0dc89513af0bdc1e
- SSDEEP
  
  12288:bEpO29Vm7Fru4efOhizn2MJT6YashlM0JT6YashlMCDvoP:4pXm704Tho2I9ashlV9ashlr8
Score

10^/10

xloader n092 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2