xloader

General

Target

01edae7572bd3dcad70155d3b988f63b_JaffaCakes118
Size

258KB
Sample

240930-sa3kya1drp
MD5

01edae7572bd3dcad70155d3b988f63b
SHA1

54535c80179fad6b92ee7d1378a5865c4c3b3999
SHA256

3cf9356a4b252073db553cfc05544213078ba8ede54eaa45ab83637d86fdd948
SHA512

f7cb116243da0563f7e4e3cfa73cf6106738bf5e1d9b6a15af615ad284dc8963061889c1ae99a2b4a382e0179b88e32b435683db40559e2f490ec96cd035e0d3
SSDEEP

6144:d1ZIA0NUuoAzOgv19kwnG+XnRabukHQWpHpshHwipISW:d1+RNUE9kwnGqR/kwsJ5SW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

enmm

Decoy

westcorinnewater.com

secretosdebolsa.com

carolineeyguthrie.com

fuzion.events

reatour.com

alertfirerescue.com

gd-dw.com

christian-glass.com

herbandflour.com

ttingjab.com

xn--gmq18di80c2lb.com

usabilitykitchen.com

liverpoolbeautyco.com

yyb.one

egeemlak.net

news-crunch.com

johneflix.com

lionlegalsolutions.com

doikatsuman.net

cyberlegalofficer.com

Targets

- Target
  
  01edae7572bd3dcad70155d3b988f63b_JaffaCakes118
- Size
  
  258KB
- MD5
  
  01edae7572bd3dcad70155d3b988f63b
- SHA1
  
  54535c80179fad6b92ee7d1378a5865c4c3b3999
- SHA256
  
  3cf9356a4b252073db553cfc05544213078ba8ede54eaa45ab83637d86fdd948
- SHA512
  
  f7cb116243da0563f7e4e3cfa73cf6106738bf5e1d9b6a15af615ad284dc8963061889c1ae99a2b4a382e0179b88e32b435683db40559e2f490ec96cd035e0d3
- SSDEEP
  
  6144:d1ZIA0NUuoAzOgv19kwnG+XnRabukHQWpHpshHwipISW:d1+RNUE9kwnGqR/kwsJ5SW
Score

10^/10

xloader enmm discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2