xloader

General

Target

6775c1a0e4f91e53bae919a76eccd5f4_JaffaCakes118
Size

345KB
Sample

241021-z69gpazall
MD5

6775c1a0e4f91e53bae919a76eccd5f4
SHA1

1f33995e87e5a954183a1c8022475760d424995f
SHA256

fb45376241224bbbaa4e35e3dbc78d2161e2ec026c10ca3bc93e91710b1a8672
SHA512

9fc290f0a560f0fc73c77b97b4c7705db55f8e072bc25a7f08288dc32dca54b2c81f498396b16534840bd4dabf2619840a27608da13ed1891745f98697b2b34e
SSDEEP

6144:Hrm/WHlvBYuhz7dd/ZUhVAUqqqqqqqqqqqqqqjOJUrk8qtmavEwCfaIc+9TQnqqI:Hrm/WFvBYuhz77ZQVNqqqqqqqqqqqqqM

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u8d3

Decoy

captainpowershow.com

natpik.com

skatergaiter.com

dianadecarlodesign.com

ironcityipa.com

artifactdynamics.com

nmgyy120.com

foivgohl.com

awaitnews.com

kombite.com

culinariarapida.com

germantoolbox.com

thejadedopal.com

humdrum.asia

l-consultoria.com

collectionspriestcardiac.com

orangecountysublease.com

getsitsold.com

hoppas-eng.com

fresnommail.com

Targets

- Target
  
  6775c1a0e4f91e53bae919a76eccd5f4_JaffaCakes118
- Size
  
  345KB
- MD5
  
  6775c1a0e4f91e53bae919a76eccd5f4
- SHA1
  
  1f33995e87e5a954183a1c8022475760d424995f
- SHA256
  
  fb45376241224bbbaa4e35e3dbc78d2161e2ec026c10ca3bc93e91710b1a8672
- SHA512
  
  9fc290f0a560f0fc73c77b97b4c7705db55f8e072bc25a7f08288dc32dca54b2c81f498396b16534840bd4dabf2619840a27608da13ed1891745f98697b2b34e
- SSDEEP
  
  6144:Hrm/WHlvBYuhz7dd/ZUhVAUqqqqqqqqqqqqqqjOJUrk8qtmavEwCfaIc+9TQnqqI:Hrm/WFvBYuhz77ZQVNqqqqqqqqqqqqqM
Score

10^/10

xloader u8d3 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2