xloader

General

Target

5de16e644095099e744f588690e7e400_JaffaCakes118
Size

229KB
Sample

241019-wecf4ayfrh
MD5

5de16e644095099e744f588690e7e400
SHA1

0e3dc321554ae6081ee7f4437353457d7360d121
SHA256

26fb8675c58beebfed1a2c246fa5fd658ed0286305dc64683fe4d34b41cc5a66
SHA512

a7087b2f0a294ab4268ec2d498fa23d075de0adf714de81d57d7910135387e12aa90adc50eba183246cc9d834778405818af5630dda6adf968ad25582c2c47b6
SSDEEP

6144:10khhhhhhhhhhhhhN8gBVP+MO4L952L6sCpKN2LKgP1Gkohh8h8mHxpBmPZO:GkhhhhhhhhhhhhhOgvP+MzL95X7P1Ghi

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

Decoy

yow.today

rkdreamcreations.com

etheriumtech.com

stretchwrench.com

kiddiecruise.com

stickforward.com

videocineproduccion.com

roofinginamerica.com

amarillasnuevomexico.com

armfieldmillerripley.com

macyburn.club

lvbaoshan.com

shopshelponline.com

thebunnybrands.com

newsxplor.com

momunani.com

rebelnqueen.com

tusguitarras.com

nexab2b.com

e3office.express

Targets

- Target
  
  5de16e644095099e744f588690e7e400_JaffaCakes118
- Size
  
  229KB
- MD5
  
  5de16e644095099e744f588690e7e400
- SHA1
  
  0e3dc321554ae6081ee7f4437353457d7360d121
- SHA256
  
  26fb8675c58beebfed1a2c246fa5fd658ed0286305dc64683fe4d34b41cc5a66
- SHA512
  
  a7087b2f0a294ab4268ec2d498fa23d075de0adf714de81d57d7910135387e12aa90adc50eba183246cc9d834778405818af5630dda6adf968ad25582c2c47b6
- SSDEEP
  
  6144:10khhhhhhhhhhhhhN8gBVP+MO4L952L6sCpKN2LKgP1Gkohh8h8mHxpBmPZO:GkhhhhhhhhhhhhhOgvP+MzL95X7P1Ghi
Score

10^/10

xloader noi6 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2