xloader

General

Target

4a18a824aecef26f86a454b0a568ed55_JaffaCakes118
Size

871KB
Sample

241015-1cfg7asdlq
MD5

4a18a824aecef26f86a454b0a568ed55
SHA1

96b62057be687eef380d5d580003719aa5c6f32d
SHA256

ebceba62910d7167907d9ece3bdce1dacdf778e82d07801478e0240621100b25
SHA512

c8b9383b281fddb4a82a45271513de43b2a82454fdcb4fb55b7797d53d8a16c7018b495cfbe0a5c90feaf6ed3158c1197dfc3562a32fc53e373a0a8780cd59e6
SSDEEP

12288:uWK3n3qGaNHEyC9/oR9gy5FHK7zMQSGedS0N2hIbUKf8DZAiMKRT1VOeJLz2HVJ0:uWKnPp9AR95yv0dS0wIP8DZAiLT1FU0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ixwn

Decoy

drmarshaskinner.com

lovablebrows.com

cnfmc.com

post1fr.com

54243474945delta5424.com

lauded.world

clansix.xyz

swipesells.com

au-hokuriku.com

alyxhoulie.com

kuponbank.com

unicdn.xyz

stearmanestates.com

shmily.life

hennessy-maluma.com

czechagents.com

zywbiiu.icu

gree-th.com

naturalboho.com

plusometer.com

Targets

- Target
  
  4a18a824aecef26f86a454b0a568ed55_JaffaCakes118
- Size
  
  871KB
- MD5
  
  4a18a824aecef26f86a454b0a568ed55
- SHA1
  
  96b62057be687eef380d5d580003719aa5c6f32d
- SHA256
  
  ebceba62910d7167907d9ece3bdce1dacdf778e82d07801478e0240621100b25
- SHA512
  
  c8b9383b281fddb4a82a45271513de43b2a82454fdcb4fb55b7797d53d8a16c7018b495cfbe0a5c90feaf6ed3158c1197dfc3562a32fc53e373a0a8780cd59e6
- SSDEEP
  
  12288:uWK3n3qGaNHEyC9/oR9gy5FHK7zMQSGedS0N2hIbUKf8DZAiMKRT1VOeJLz2HVJ0:uWKnPp9AR95yv0dS0wIP8DZAiLT1FU0
Score

10^/10

xloader ixwn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2