xloader

General

Target

5f9eb3556209c1af1f67b988c454c7f9_JaffaCakes118
Size

463KB
Sample

241020-bfcg9s1hjq
MD5

5f9eb3556209c1af1f67b988c454c7f9
SHA1

2dd08693104beb2405e65f0ea1bd472b69374263
SHA256

27fd2bfe22ef44151e9463b0b3e82e5b561554be529126d46c40e1d10a337bf2
SHA512

b6aeb61f6c6217bf9ea5ea7f5f1629194409e774640f81c7a7c7490b9ed84db3534c0a71555b6b47f48cf060788120d563b33ea5c16b07985d18e4dcd2a39ae4
SSDEEP

6144:XuJiIphnR0nSnfN/NxupawoAJT0gRFgRwtBn9fmUIqQpoI5ttxm:eJiyWS4p5oAB9Yq9tO5HI

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

isds

Decoy

gregscycleforkids.com

speaker-stack.com

wheelofforthne.com

lsfhc.com

wildalaskansalmonproducts.com

zuixinav.com

allstars.business

surfstationshop.com

syugyo-kisoku.com

cventsagency.com

fourpawsnoflaws.com

marjolcleanup.com

tytondesigns.com

carrseat.com

kennedyomnimedia.com

persiawebapp.com

awakenerdesigh.com

theassethero.com

dndate.com

krysonall.club

Targets

- Target
  
  5f9eb3556209c1af1f67b988c454c7f9_JaffaCakes118
- Size
  
  463KB
- MD5
  
  5f9eb3556209c1af1f67b988c454c7f9
- SHA1
  
  2dd08693104beb2405e65f0ea1bd472b69374263
- SHA256
  
  27fd2bfe22ef44151e9463b0b3e82e5b561554be529126d46c40e1d10a337bf2
- SHA512
  
  b6aeb61f6c6217bf9ea5ea7f5f1629194409e774640f81c7a7c7490b9ed84db3534c0a71555b6b47f48cf060788120d563b33ea5c16b07985d18e4dcd2a39ae4
- SSDEEP
  
  6144:XuJiIphnR0nSnfN/NxupawoAJT0gRFgRwtBn9fmUIqQpoI5ttxm:eJiyWS4p5oAB9Yq9tO5HI
Score

10^/10

xloader isds discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2