xloader

General

Target

82313d9072e776dcf2290245e35b2784_JaffaCakes118
Size

797KB
Sample

241031-hzym6s1pb1
MD5

82313d9072e776dcf2290245e35b2784
SHA1

f58849871cc85d60cc49af4e37e1ae845648c9f5
SHA256

f07e026ebe12f04343d27a35610cd195876501891518a005d64741402e7b4b8e
SHA512

0a487ca070fbb65cfe0da5477d3fdb6eae767a0b55198e0e288bd5e824bcd01f6846c7e6dabb06a73b37d73749212533beaeaac05f98a6a3b6cc5354ab1ac93b
SSDEEP

12288:8Zx7rMYV6MorX7qzuC3QHO9FQVHPF51jgctrcdX/xfLZ2YxfIxncr:8PBXu9HGaVHGxFt2dcr

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wme0

Decoy

mobileads.network

smartplumbing.services

hessusmelke.quest

5gbusinessbestservices.com

soniceasy.com

sishikeji.com

streetstock.space

interchimp.com

sassholesentiments.com

lemon6.club

thestogiestore.com

11elevencouture.com

loveimperia.com

firstactrealestate.com

alstonimages.com

mainmanmemories.com

floridavillarealtor.com

selberherrlab.com

jurisfinca.quest

bakercsoncrete.com

Targets

- Target
  
  82313d9072e776dcf2290245e35b2784_JaffaCakes118
- Size
  
  797KB
- MD5
  
  82313d9072e776dcf2290245e35b2784
- SHA1
  
  f58849871cc85d60cc49af4e37e1ae845648c9f5
- SHA256
  
  f07e026ebe12f04343d27a35610cd195876501891518a005d64741402e7b4b8e
- SHA512
  
  0a487ca070fbb65cfe0da5477d3fdb6eae767a0b55198e0e288bd5e824bcd01f6846c7e6dabb06a73b37d73749212533beaeaac05f98a6a3b6cc5354ab1ac93b
- SSDEEP
  
  12288:8Zx7rMYV6MorX7qzuC3QHO9FQVHPF51jgctrcdX/xfLZ2YxfIxncr:8PBXu9HGaVHGxFt2dcr
Score

10^/10

xloader wme0 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2