xloader

General

Target

677768067d4d3af26b769528b9f1eda3_JaffaCakes118
Size

1.1MB
Sample

241021-z8ckqszaqr
MD5

677768067d4d3af26b769528b9f1eda3
SHA1

701f0d306afbc48082a18befbe293640d7f31173
SHA256

748c630f8ec02411ebb563f2434619bc4b695eaaa6d254ed22f63e01d3775aa5
SHA512

eafbca515c7f00009f763022d22837abe99ec5125faf037be1a59d579dfe9a19a6246ae8d1c95c768ff74728512b5a80ce58d7085c6647eaa4d2ba7ff01a2104
SSDEEP

24576:qOf982sLr4W7xNZJretG/91XVavfHXl5YJu:W7xNj0GVa3vY

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

owws

Decoy

mytestin.com

thenakedjoypodcast.com

elsegundotequilabar.com

thefurryfriendsplace.com

sitowebcasavacanze.com

satellitepublishing.com

lowdownsports.net

angelsvideoproductions.com

bair-er.com

abilitycapitalpartners.com

bestmultifunctiontool.com

bloghappness.com

xn--xhq99jp6i75j.com

obxhwy12.com

dematoffer.com

ladderuptoday.com

christianipitts.com

shakambaricottons.com

dondelivery.net

ibextravetrailers.net

Targets

- Target
  
  677768067d4d3af26b769528b9f1eda3_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  677768067d4d3af26b769528b9f1eda3
- SHA1
  
  701f0d306afbc48082a18befbe293640d7f31173
- SHA256
  
  748c630f8ec02411ebb563f2434619bc4b695eaaa6d254ed22f63e01d3775aa5
- SHA512
  
  eafbca515c7f00009f763022d22837abe99ec5125faf037be1a59d579dfe9a19a6246ae8d1c95c768ff74728512b5a80ce58d7085c6647eaa4d2ba7ff01a2104
- SSDEEP
  
  24576:qOf982sLr4W7xNZJretG/91XVavfHXl5YJu:W7xNj0GVa3vY
Score

10^/10

xloader owws discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2