xloader

General

Target

7107c22585cca5ac62b9fe39dbd9daaa_JaffaCakes118
Size

338KB
Sample

241023-118hwaterk
MD5

7107c22585cca5ac62b9fe39dbd9daaa
SHA1

f0ec4ac5425b96d44725d6530527aae591f5ad57
SHA256

07f0dc41af2d35f2cdddc5e1d2e38b49db0dbfa7a80840633206c77002d019c8
SHA512

ae1211188cbae541f5f6b349e5750f838a9502f8ad8abac7ce1c00d2888e855edca3d7dfbffeb833c17ba77dc9c18f47731c138fb178022267bc1aa69aa9e200
SSDEEP

6144:yl9bet/TLOCbWUyoEmxIlhM0fwZ+4FMxlJ/5OCVdKrLfF0lYmuQ4pf:yYnyoEmxIlhM0YZ9Cxlh5OCi/cYvQ4pf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

att3

Decoy

oakbridgefundservices.com

fancyforts.com

coisadoce.com

learnfrommymentor.com

digitalgurughana.com

phk0.com

jantiprojeekspertiz.com

xiabyhuc.com

todayonly8.info

pgzapgmn.icu

sistemasarafranco.com

nest-estudio.com

2259.xyz

kenobi.tech

mortgageloansbyjeff.com

thameensa.com

navigators.digital

ecocleanmalta.com

advancedrecyclinginc.com

pmotriz.com

Targets

- Target
  
  7107c22585cca5ac62b9fe39dbd9daaa_JaffaCakes118
- Size
  
  338KB
- MD5
  
  7107c22585cca5ac62b9fe39dbd9daaa
- SHA1
  
  f0ec4ac5425b96d44725d6530527aae591f5ad57
- SHA256
  
  07f0dc41af2d35f2cdddc5e1d2e38b49db0dbfa7a80840633206c77002d019c8
- SHA512
  
  ae1211188cbae541f5f6b349e5750f838a9502f8ad8abac7ce1c00d2888e855edca3d7dfbffeb833c17ba77dc9c18f47731c138fb178022267bc1aa69aa9e200
- SSDEEP
  
  6144:yl9bet/TLOCbWUyoEmxIlhM0fwZ+4FMxlJ/5OCVdKrLfF0lYmuQ4pf:yYnyoEmxIlhM0YZ9Cxlh5OCi/cYvQ4pf
Score

10^/10

xloader att3 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2