xloader

General

Target

f0dc88bce28dcc9005164930e94eacd6_JaffaCakes118
Size

212KB
Sample

240921-3tnaga1cqh
MD5

f0dc88bce28dcc9005164930e94eacd6
SHA1

106681ea8909a2de5732e51868245963f8b87b32
SHA256

2ff45850f2e31480bb0020b00786bc290a3979c3db934975e6d15155ba59b453
SHA512

e1fbc3eb2de600195f7d3d3a6bba1dce0972de504f357dae0ea29308f4a60c6a2211e584e09d2c3dc4070a61d161ec48800e1587c4f7d85723a41652a827b6c6
SSDEEP

3072:fTj5l3felhnSOKlTt/IlxX4VYwiW+faL5ysXTvaledstcYE4xDRv:xREhnKHQ74HRa4QsDvssstcYnZ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

idir

Decoy

c-creator.com

freeladoc.com

toluar.com

pathwaysnorman.com

saveme.xyz

espadanabours.com

turnthathitup.net

markdfoto.com

thebeverlywoodweekly.com

truonglocphat.com

fullyphantom.life

snippopotamus.com

snakby.com

atualizaaideia.com

zotbxtaxon.xyz

hombresalfa.com

veterinaryneurologue.com

thesynapsextinfo.com

elroyalebet10.xyz

supperbazaars.com

Targets

- Target
  
  f0dc88bce28dcc9005164930e94eacd6_JaffaCakes118
- Size
  
  212KB
- MD5
  
  f0dc88bce28dcc9005164930e94eacd6
- SHA1
  
  106681ea8909a2de5732e51868245963f8b87b32
- SHA256
  
  2ff45850f2e31480bb0020b00786bc290a3979c3db934975e6d15155ba59b453
- SHA512
  
  e1fbc3eb2de600195f7d3d3a6bba1dce0972de504f357dae0ea29308f4a60c6a2211e584e09d2c3dc4070a61d161ec48800e1587c4f7d85723a41652a827b6c6
- SSDEEP
  
  3072:fTj5l3felhnSOKlTt/IlxX4VYwiW+faL5ysXTvaledstcYE4xDRv:xREhnKHQ74HRa4QsDvssstcYnZ
Score

10^/10

xloader idir discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2