xloader

General

Target

38f2090be746d6d7d13132500c283022_JaffaCakes118
Size

822KB
Sample

241012-hx8qcstepk
MD5

38f2090be746d6d7d13132500c283022
SHA1

b142ea73b4f32e0a90853f35da2a8d92ec64c633
SHA256

29f3a920994225a5424f5e1710a9980710e4330f85aeade18182b5fbd5f2a354
SHA512

51c836af4a6804f74c1ab4fdee71f3db1a80702eb4dbbef41070822b2154c44ad58de568f9c4b3888acc50be31e1f20c8a055b33a18cb4fa404be408bb2c4977
SSDEEP

24576:Q63f0MxtG+qZNSx9z03ETZlj3/NkMaE1yUv08ztH0HpoyI:yMXG+qX49751k

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p4se

Decoy

weightlossforprofessionals.com

talkotstopandshop.com

everesttechsolutions.com

garboarts.com

esubastas-online.com

electriclastmile.com

tomio.tech

jacoty.com

knot-tied-up.com

energychoicesim.com

rocketcompaniessham.com

madarasapattinam.com

promosplace.com

newstarchurch.com

thesaleskitchen.com

slingmodeinc.com

jobresulthub.com

pillclk.com

shipu119.com

sibalcar.com

Targets

- Target
  
  38f2090be746d6d7d13132500c283022_JaffaCakes118
- Size
  
  822KB
- MD5
  
  38f2090be746d6d7d13132500c283022
- SHA1
  
  b142ea73b4f32e0a90853f35da2a8d92ec64c633
- SHA256
  
  29f3a920994225a5424f5e1710a9980710e4330f85aeade18182b5fbd5f2a354
- SHA512
  
  51c836af4a6804f74c1ab4fdee71f3db1a80702eb4dbbef41070822b2154c44ad58de568f9c4b3888acc50be31e1f20c8a055b33a18cb4fa404be408bb2c4977
- SSDEEP
  
  24576:Q63f0MxtG+qZNSx9z03ETZlj3/NkMaE1yUv08ztH0HpoyI:yMXG+qX49751k
Score

10^/10

xloader p4se discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2