xloader

General

Target

f7e38bf7062e2476eb111fd95288e2b5_JaffaCakes118
Size

777KB
Sample

240926-jh6swsvfrq
MD5

f7e38bf7062e2476eb111fd95288e2b5
SHA1

7ef1768ac9a9860b75503312eb1455f4e300cdbf
SHA256

a815ffed78a03eb9a180c0a70b50ce7c6f283fd98e0d590ebbb5f1e0b35fcd65
SHA512

c11b9b23f33ba102cdff70420f5bbe68a1ff88b244df2c82cfbaa1b996d1162c2db9384238e8a414a518e5aace4be1736f5399c46f457eb695bac40384a1f215
SSDEEP

12288:G6foWJcSbkFHcb7/mY/TGhQOPT4WfwRfWROQ5g0x6dgX6okimIf9vSgBS/G6OxfM:RJPb7/bT2D5giGfFaq

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uszn

Decoy

animegriptape.com

pcpnetworks.com

putupmybabyforadoption.com

xn--jvrr98g37n88d.com

fertinvitro.doctor

undonethread.com

avoleague.com

sissysundays.com

guilhermeoliveiro.site

catholicon-bespeckle.info

mardesuenosfundacion.com

songkhoe24.site

shoecityindia.com

smallbathroomdecor.info

tskusa.com

prairiespringsllc.com

kegncoffee.com

clicklounge.xyz

catholicendoflifeplanning.com

steelobzee.com

Targets

- Target
  
  f7e38bf7062e2476eb111fd95288e2b5_JaffaCakes118
- Size
  
  777KB
- MD5
  
  f7e38bf7062e2476eb111fd95288e2b5
- SHA1
  
  7ef1768ac9a9860b75503312eb1455f4e300cdbf
- SHA256
  
  a815ffed78a03eb9a180c0a70b50ce7c6f283fd98e0d590ebbb5f1e0b35fcd65
- SHA512
  
  c11b9b23f33ba102cdff70420f5bbe68a1ff88b244df2c82cfbaa1b996d1162c2db9384238e8a414a518e5aace4be1736f5399c46f457eb695bac40384a1f215
- SSDEEP
  
  12288:G6foWJcSbkFHcb7/mY/TGhQOPT4WfwRfWROQ5g0x6dgX6okimIf9vSgBS/G6OxfM:RJPb7/bT2D5giGfFaq
Score

10^/10

xloader uszn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2