xloader

General

Target

4b152fa511993e3fababdeed5fadc362_JaffaCakes118
Size

816KB
Sample

241016-c8p5hayemg
MD5

4b152fa511993e3fababdeed5fadc362
SHA1

83b56d11cd855f1a760a1b810b5ee15ae2cd3452
SHA256

4280bb4e70e3ea349291f5674181b61c81a81a4dab4d6d52cae1e4e01a77928e
SHA512

2796cc71b0799866748a744e12809e336ce806f25bb84bf747e2947222bf2507475520451c321d420729cd0e6a9c5e8b9b4fb95ac3f2c413c8ee107f31fb13fd
SSDEEP

24576:R8LQozB5IlUYJDQ6UBAWtI9Pdu0nEZ8OZWT621ZHogD:+LQND7cAWtwPg0i

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rq6j

Decoy

xiubanpei.com

cinderellaplus.com

jamascompany.com

bartarpay.net

iieom-l7f.net

wesleymerritt.com

applefolds.info

susanjkirkpatrick.com

bhavishyfoundations.com

joboval.com

countingdowntothecomans.com

mariamasal.com

michaelcajero.net

tradekindness.net

wonderwall.pro

babymaths.com

webdevalley.com

sculptingtreestudio.com

iblamatrading.com

quefautil.com

Targets

- Target
  
  4b152fa511993e3fababdeed5fadc362_JaffaCakes118
- Size
  
  816KB
- MD5
  
  4b152fa511993e3fababdeed5fadc362
- SHA1
  
  83b56d11cd855f1a760a1b810b5ee15ae2cd3452
- SHA256
  
  4280bb4e70e3ea349291f5674181b61c81a81a4dab4d6d52cae1e4e01a77928e
- SHA512
  
  2796cc71b0799866748a744e12809e336ce806f25bb84bf747e2947222bf2507475520451c321d420729cd0e6a9c5e8b9b4fb95ac3f2c413c8ee107f31fb13fd
- SSDEEP
  
  24576:R8LQozB5IlUYJDQ6UBAWtI9Pdu0nEZ8OZWT621ZHogD:+LQND7cAWtwPg0i
Score

10^/10

xloader rq6j discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2