xloader

General

Target

a258ac40b5c62c1ac1124ace071c69dd_JaffaCakes118
Size

1.5MB
Sample

241126-rexd2s1jbl
MD5

a258ac40b5c62c1ac1124ace071c69dd
SHA1

0933c2e288e682513d149fba882a5734d6164072
SHA256

8b520ce0de0ae8276e9c19053cae465454c94c963834166cfe5b2eb43f6050e4
SHA512

242bf0135b3d3c7ac810b3e869941b65ed196502bb99abd6bc51bd2f2ad229864efe3d465d94e2e2ac23efa5c70262611766b6513e4c09d66da424194f52559d
SSDEEP

12288:X3/OmzXhHYNrG4H/8gA1jg0vbZBrLAkd2CZjjhmnqQ6H+Uy1Susr8MmH3ji:GmThKG4f8njrskUCdtq3ZZS5R0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

o9pi

Decoy

ljhhtls.com

xaomuondoi.xyz

michaelegerberlegacy.net

theboombastics.com

stonecrabnews.com

manerrtherd-online.com

tresegundos.com

cityedirectory.com

immopanama.com

natjurals.com

blun33.com

facilmkt.com

giulz.com

comparateurassurancesante.net

lpcavoca.church

xn--u9jy72gkoryg6abnb.com

porcelain-jewels.com

veraleiloes.com

ioc.coffee

batesjanitoral.com

Targets

- Target
  
  a258ac40b5c62c1ac1124ace071c69dd_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  a258ac40b5c62c1ac1124ace071c69dd
- SHA1
  
  0933c2e288e682513d149fba882a5734d6164072
- SHA256
  
  8b520ce0de0ae8276e9c19053cae465454c94c963834166cfe5b2eb43f6050e4
- SHA512
  
  242bf0135b3d3c7ac810b3e869941b65ed196502bb99abd6bc51bd2f2ad229864efe3d465d94e2e2ac23efa5c70262611766b6513e4c09d66da424194f52559d
- SSDEEP
  
  12288:X3/OmzXhHYNrG4H/8gA1jg0vbZBrLAkd2CZjjhmnqQ6H+Uy1Susr8MmH3ji:GmThKG4f8njrskUCdtq3ZZS5R0
Score

10^/10

xloader o9pi discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2