xloader

General

Target

9426dc9b8f72f909b3942db6eb186f5d_JaffaCakes118
Size

894KB
Sample

241124-mrst6ssjcn
MD5

9426dc9b8f72f909b3942db6eb186f5d
SHA1

7c95adf813aca090d9df767830885e1af8fb5d7e
SHA256

7c071823d86f7f37eb038add1e274db23c722612d74602e11496d0b4e312103a
SHA512

169b0f951c40c696d7e696ddf473d8a019765e40eabb90b3c6183c4e761d8fdaddf1ec18e4f84a50a9396da53c298958ead92e8fc4135cdb07f45ce87d3d362c
SSDEEP

12288:4se2d4V/0GzmvnITzhgb7ef8M+w8z/FCnkEFKvFxO6zHK7zQWzKboZT0FR:/HSd6Y87w8DFCkPvFxO6+U0KboyR

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m6b5

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Targets

- Target
  
  9426dc9b8f72f909b3942db6eb186f5d_JaffaCakes118
- Size
  
  894KB
- MD5
  
  9426dc9b8f72f909b3942db6eb186f5d
- SHA1
  
  7c95adf813aca090d9df767830885e1af8fb5d7e
- SHA256
  
  7c071823d86f7f37eb038add1e274db23c722612d74602e11496d0b4e312103a
- SHA512
  
  169b0f951c40c696d7e696ddf473d8a019765e40eabb90b3c6183c4e761d8fdaddf1ec18e4f84a50a9396da53c298958ead92e8fc4135cdb07f45ce87d3d362c
- SSDEEP
  
  12288:4se2d4V/0GzmvnITzhgb7ef8M+w8z/FCnkEFKvFxO6zHK7zQWzKboZT0FR:/HSd6Y87w8DFCkPvFxO6+U0KboyR
Score

10^/10

xloader m6b5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2