xloader

General

Target

3605e9de6e1e1b63ce9c4b6b25e4bce2_JaffaCakes118
Size

467KB
Sample

241011-v7hyxavbrf
MD5

3605e9de6e1e1b63ce9c4b6b25e4bce2
SHA1

415604ecf117acd31735592e1450c72baa1344c9
SHA256

b49d507a9840371642282e2d4a6b878f01a47265ece636e9380c7a4682a9c46a
SHA512

d728bc59a94680ae280f03a92f129551a83fba2ac4ab384e8cb155068157c5b3149bb8127a7fe11b4bbb68f7617fb5c9484e6093c8b185bb853f311d53adef28
SSDEEP

6144:807O/lGq3T7SzJqq4OoAqYwLw7puaP+Xoc52XEGafCLvIdn1f0SQddTZTbxpWMAE:TjYT7A4soCx2YrUVUvIdn6dTVW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

cxeo

Decoy

realtyfindr.com

littlelakesranchcattle.com

mortgagecollective.online

cortenlogistic.com

healthcaresupplyinc.com

abc1229.com

johnlambertsen.online

yasirweb.tech

1398toftsdr.com

chordsofdevils.com

hemetcondos4sale.com

hdtvstoreonline.com

ultimasnoticiaswfmajide2.xyz

soutu6.com

lastmilefast.com

glveye.icu

countinesices.com

savenroar.com

reiwa.cloud

wendsoue.com

Targets

- Target
  
  3605e9de6e1e1b63ce9c4b6b25e4bce2_JaffaCakes118
- Size
  
  467KB
- MD5
  
  3605e9de6e1e1b63ce9c4b6b25e4bce2
- SHA1
  
  415604ecf117acd31735592e1450c72baa1344c9
- SHA256
  
  b49d507a9840371642282e2d4a6b878f01a47265ece636e9380c7a4682a9c46a
- SHA512
  
  d728bc59a94680ae280f03a92f129551a83fba2ac4ab384e8cb155068157c5b3149bb8127a7fe11b4bbb68f7617fb5c9484e6093c8b185bb853f311d53adef28
- SSDEEP
  
  6144:807O/lGq3T7SzJqq4OoAqYwLw7puaP+Xoc52XEGafCLvIdn1f0SQddTZTbxpWMAE:TjYT7A4soCx2YrUVUvIdn6dTVW
Score

10^/10

xloader cxeo discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2