xloader

General

Target

a01ccf9ea1cd42165dcf68211a819193_JaffaCakes118
Size

463KB
Sample

241126-ga948sxket
MD5

a01ccf9ea1cd42165dcf68211a819193
SHA1

f6bcccfe7a15aa6ec76aa60e27e84f81ce966019
SHA256

cac5a5a1cd604a792b9231fb65fe38110c631873cfa834bf4f43b9418d1ec17f
SHA512

edfe36fbd1238d7249d57efa8922369801144bf64908b1b9607ab387003f40363bad164b00965490b9cb4c0e1fc30a00fcf95916e5afa28b60aa6f5c3e6225fd
SSDEEP

12288:IsZnGIIyuA5qe7RZlSzE7hvaVciuK8Ipuu3AnbSUsFkJ:IsZnGUuvy23LouCSUfJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ma5c

Decoy

hua0591.com

ncuedu.icu

damaramtv.com

mgnmx.com

fridaynightdates.com

lyqjzg.net

americanalecompany.com

badgebuttons.com

maiketplace.com

camsa90.com

certifiedrockets.com

mixmarkt.delivery

htownxtracts.com

bluemountainautoparts.com

aldemallc.com

joint-sisters.com

gertimi.com

s293a8tx4zu.net

healthy-calm.com

bulukx.com

Targets

- Target
  
  a01ccf9ea1cd42165dcf68211a819193_JaffaCakes118
- Size
  
  463KB
- MD5
  
  a01ccf9ea1cd42165dcf68211a819193
- SHA1
  
  f6bcccfe7a15aa6ec76aa60e27e84f81ce966019
- SHA256
  
  cac5a5a1cd604a792b9231fb65fe38110c631873cfa834bf4f43b9418d1ec17f
- SHA512
  
  edfe36fbd1238d7249d57efa8922369801144bf64908b1b9607ab387003f40363bad164b00965490b9cb4c0e1fc30a00fcf95916e5afa28b60aa6f5c3e6225fd
- SSDEEP
  
  12288:IsZnGIIyuA5qe7RZlSzE7hvaVciuK8Ipuu3AnbSUsFkJ:IsZnGUuvy23LouCSUfJ
Score

10^/10

xloader ma5c discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2