xloader

General

Target

ff6b0149a50d104918fa4c4770c3450a_JaffaCakes118
Size

416KB
Sample

240929-2lr31sxfna
MD5

ff6b0149a50d104918fa4c4770c3450a
SHA1

99e64b1372b0b1e7c8102142bba561c213e7dee0
SHA256

a6a3868c066bf6d3e03e7c13e9f7053523cdd2f2aaba44737a387762b7ca805f
SHA512

f3d132edf19e7f89c217ba7ec688954aa03981342f473ed2e2392555f75bc8ac8c65fe947d097cff8ceb7bd5f3db8891d5eb2ce616209a108c7562f2607d7f08
SSDEEP

12288:8p0Zt/fM6q03acZI9hlKGVG6ArB5//RhTPU:8p0Z90d0qcZI7lKVfXRJM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ur06

Decoy

philippebrooksdesign.com

cmoorestudio.com

profille-sarina23tammara.club

dqulxe.com

uiffinger.com

nolarapper.com

maconanimalexterminator.com

bisovka.com

loveisloveent.com

datication.com

spxo66.com

drhelpnow.com

ladybug-cle.com

macocome.com

thepoppysocks.com

eldritchparadox.com

mercadolibre.company

ismartfarm.com

kansascarlot.com

kevinld.com

Targets

- Target
  
  61vPFITGkbgCrMT.exe
- Size
  
  494KB
- MD5
  
  1562a3db939188c19ab5696f83c6e036
- SHA1
  
  b3964c733cff09ac94c9b4bc9c1f3d8c985a07f2
- SHA256
  
  619ab2c40c40c107e921df3ccd7f44946ab5a353939da1f3834213f3a507a4c0
- SHA512
  
  d2f39982222f5b01886e7ff5646b6c1bee44c8b8debef5ea5849235e93b42fd08aae701930f6aca9faff967ccf1c6e4be2c4f219fb0dad5a980b09b4734bd1a0
- SSDEEP
  
  12288:M1Uq03gcZI9plKGV05SJlpC//RRoRMQTB1:u0wcZI3lKruiXRmRMy1
Score

10^/10

xloader ur06 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2