xloader

General

Target

52bf72d40f8ecc722a7d8d6ae83ad2d9_JaffaCakes118
Size

844KB
Sample

241017-vj4wgayfqn
MD5

52bf72d40f8ecc722a7d8d6ae83ad2d9
SHA1

cb2013d03a2bf04448b20a5a4aec0a8f979c8d9b
SHA256

d2e29e115cef90f4158d21938c7458762bb01be720156a2f7c8bb8d021704fef
SHA512

b35ff42e9fb56cedd485a0d307a59b4b4568ef9b04f8f4346fe8100becd9604d0e3ea1bb2764f017ef88834d24649ecb93afc8fd653469887f0731c2b0998474
SSDEEP

12288:x1kMHia17eHK7zvdqcFhPfmUxYXNUuki1qcbJdwd2/a:qcTdqMVfd2XNZLbJWES

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uqf5

Decoy

suiddock.com

sweetgyalshop.com

puterigarden.com

orangestoreusa.com

prostirkarpat.com

ajierfoods.com

mindlablearning.com

factiive.net

beautifulbrokenhearts.com

direcionalreservapraca.com

tvhoki.com

themoderncoachinstitute.com

classactionwalgreens.com

haloog.com

sachinkaushik.com

daleearnhardtjrchevyvip.com

disconight.net

ocyslibes.icu

encounterfy.com

infamoudpapertrail.com

Targets

- Target
  
  52bf72d40f8ecc722a7d8d6ae83ad2d9_JaffaCakes118
- Size
  
  844KB
- MD5
  
  52bf72d40f8ecc722a7d8d6ae83ad2d9
- SHA1
  
  cb2013d03a2bf04448b20a5a4aec0a8f979c8d9b
- SHA256
  
  d2e29e115cef90f4158d21938c7458762bb01be720156a2f7c8bb8d021704fef
- SHA512
  
  b35ff42e9fb56cedd485a0d307a59b4b4568ef9b04f8f4346fe8100becd9604d0e3ea1bb2764f017ef88834d24649ecb93afc8fd653469887f0731c2b0998474
- SSDEEP
  
  12288:x1kMHia17eHK7zvdqcFhPfmUxYXNUuki1qcbJdwd2/a:qcTdqMVfd2XNZLbJWES
Score

10^/10

xloader uqf5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2