xloader

General

Target

922d3b88f96c3d714ffa416ad5622f0c_JaffaCakes118
Size

313KB
Sample

241124-dhp79a1kds
MD5

922d3b88f96c3d714ffa416ad5622f0c
SHA1

0e88de8bd426fa388be3f56aaeafc9c542398353
SHA256

44dedf5b594d812b996aae7b28fd3489703842b05ff917403f879d728fe15ba0
SHA512

5fa286189485789c9cadc70429ba8dd307716acc2b11e9c6213e6f929d85de4cae81184f29d68fafd20e5250e28455dfc3b915e7b7383c4dc9a20e480d2971b3
SSDEEP

6144:yGEpIphQKVeA/8kApP9Jn73GTrdHqZ13989j0yF20ETHFCRgJ:xEp1JKTrdHq3yw0sH8Rw

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

mpus

Decoy

iptcancer.com

jackrabbitpaintllc.com

advancedctech.com

qualitypcth.com

financialfirm.net

tj-troila.asia

torkifood.net

lindsaymanagementgroup.com

ferreiramaquinas.com

handmadebysinead.com

siendotucoach.com

mattinglybrewing.com

bestemployeetests.com

mindenegybenblog.net

longhornbarn.com

jifuopportunity.com

e-studying.com

fuelonwater.com

tokyohotchicken.com

wpactpro.com

Targets

- Target
  
  922d3b88f96c3d714ffa416ad5622f0c_JaffaCakes118
- Size
  
  313KB
- MD5
  
  922d3b88f96c3d714ffa416ad5622f0c
- SHA1
  
  0e88de8bd426fa388be3f56aaeafc9c542398353
- SHA256
  
  44dedf5b594d812b996aae7b28fd3489703842b05ff917403f879d728fe15ba0
- SHA512
  
  5fa286189485789c9cadc70429ba8dd307716acc2b11e9c6213e6f929d85de4cae81184f29d68fafd20e5250e28455dfc3b915e7b7383c4dc9a20e480d2971b3
- SSDEEP
  
  6144:yGEpIphQKVeA/8kApP9Jn73GTrdHqZ13989j0yF20ETHFCRgJ:xEp1JKTrdHq3yw0sH8Rw
Score

10^/10

xloader mpus discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2