xloader

General

Target

47aad909f498abcb9f6072e2005b65bb_JaffaCakes118
Size

618KB
Sample

241015-n34w9asfpg
MD5

47aad909f498abcb9f6072e2005b65bb
SHA1

64a8e622c532535be5a9102d7ccc184208789c05
SHA256

7d256189702c023c5c26bbefb00120cd35be4a832a469869c495758a45dc49a4
SHA512

4224b2b34321f7494388c43d5f694d56ce09477f902c726bbbf576a140d4f7eaa1187dfcbd3e1d4619c54b249d9732ea2eadf9d83f806979ea94c1ba6d513049
SSDEEP

12288:St0Q5JEq/y6INX6LRgU7e943Hjo1bZ3OC5LOjgFJgH86Lr:s0kGq/wKgDGMeQH

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b8eu

Decoy

ppslide.com

savorysinsation.com

camilaediego2021.com

rstrunk.net

xianshikanxiyang.club

1borefruit.com

ay-danil.club

xamangxcoax.club

waltonunderwood.com

laurabissell.com

laurawmorrow.com

albamauto.net

usamlb.com

theoyays.com

freeitproject.com

jijiservice.com

ukcarpetclean.com

wc399.com

xn--pskrtmebeton-dlbc.online

exclusivemerchantsolutions.com

Targets

- Target
  
  47aad909f498abcb9f6072e2005b65bb_JaffaCakes118
- Size
  
  618KB
- MD5
  
  47aad909f498abcb9f6072e2005b65bb
- SHA1
  
  64a8e622c532535be5a9102d7ccc184208789c05
- SHA256
  
  7d256189702c023c5c26bbefb00120cd35be4a832a469869c495758a45dc49a4
- SHA512
  
  4224b2b34321f7494388c43d5f694d56ce09477f902c726bbbf576a140d4f7eaa1187dfcbd3e1d4619c54b249d9732ea2eadf9d83f806979ea94c1ba6d513049
- SSDEEP
  
  12288:St0Q5JEq/y6INX6LRgU7e943Hjo1bZ3OC5LOjgFJgH86Lr:s0kGq/wKgDGMeQH
Score

10^/10

discovery xloader b8eu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2