xloader

General

Target

f502c1a5b642c38455fe94ca3ce2eed8_JaffaCakes118
Size

321KB
Sample

240925-dcevbs1blk
MD5

f502c1a5b642c38455fe94ca3ce2eed8
SHA1

9423923825b75b210441777977e0c0acaac73d0c
SHA256

4f458d13d054cb8e9cb734d6929fe65b59b2a25e2c460af1fc788ca490118a85
SHA512

93e6b467f79380360704e5783bb82c91cca54d38871a75d82b4326b66c051ede36f04c82776cefaedbf73a42d0308f7f5b9d14a58fbdbf8afb9dca29876b6220
SSDEEP

6144:zLvWHK8wYjlFSqgfdnatyFLnWJM5nuBxZQ1aU3avEMieafbMrE9p6:zCHpdjlFifdnaQWJ+nu7KaU8EMpafQGp

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

o8na

Decoy

www1669099.com

digitalallserv.com

thiszzzwq.info

dallasoswalt.info

ladolcefesta.com

mariamalikially.com

origenbsas.com

antichoc.watch

tropicalbirdtoys.com

bbluedotvrwdbuy.com

racevx.xyz

ut-trustandwill.com

maximumhomeoffers.com

wrapname.com

hypelighystrip.com

oshoum2020.com

parkwestmi.com

themodumall.com

tempuslawnandsnow.com

dailypromo.xyz

Targets

- Target
  
  f502c1a5b642c38455fe94ca3ce2eed8_JaffaCakes118
- Size
  
  321KB
- MD5
  
  f502c1a5b642c38455fe94ca3ce2eed8
- SHA1
  
  9423923825b75b210441777977e0c0acaac73d0c
- SHA256
  
  4f458d13d054cb8e9cb734d6929fe65b59b2a25e2c460af1fc788ca490118a85
- SHA512
  
  93e6b467f79380360704e5783bb82c91cca54d38871a75d82b4326b66c051ede36f04c82776cefaedbf73a42d0308f7f5b9d14a58fbdbf8afb9dca29876b6220
- SSDEEP
  
  6144:zLvWHK8wYjlFSqgfdnatyFLnWJM5nuBxZQ1aU3avEMieafbMrE9p6:zCHpdjlFifdnaQWJ+nu7KaU8EMpafQGp
Score

10^/10

xloader o8na discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2