xloader

General

Target

36797ec026ef56a9ec2be58f804a11af_JaffaCakes118
Size

850KB
Sample

241011-ybbfqsvbpj
MD5

36797ec026ef56a9ec2be58f804a11af
SHA1

a6e03ddc21b97c6ef50ee69ec95b008fbda67e4d
SHA256

ffb4062f3105628be393872c098765b9a7736911cb8fee4ff571b006a891c8a8
SHA512

d4a3aad5560b683fc05b4ec48399bf6412e233bcece7396377f0684b206f5818b918c3fd73bf108371b361d1361882a1a7fdcd40fea0104de06f94c43a1764f4
SSDEEP

24576:iDZPpbcn+nTZkINpPTE0v1HVp6CHJnhM0:4xtcnc9hfv1HGs+0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m6b5

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Targets

- Target
  
  36797ec026ef56a9ec2be58f804a11af_JaffaCakes118
- Size
  
  850KB
- MD5
  
  36797ec026ef56a9ec2be58f804a11af
- SHA1
  
  a6e03ddc21b97c6ef50ee69ec95b008fbda67e4d
- SHA256
  
  ffb4062f3105628be393872c098765b9a7736911cb8fee4ff571b006a891c8a8
- SHA512
  
  d4a3aad5560b683fc05b4ec48399bf6412e233bcece7396377f0684b206f5818b918c3fd73bf108371b361d1361882a1a7fdcd40fea0104de06f94c43a1764f4
- SSDEEP
  
  24576:iDZPpbcn+nTZkINpPTE0v1HVp6CHJnhM0:4xtcnc9hfv1HGs+0
Score

10^/10

xloader m6b5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2