xloader

General

Target

ada9f3fef02806076da84b549a873261_JaffaCakes118
Size

293KB
Sample

241128-1hhvha1pht
MD5

ada9f3fef02806076da84b549a873261
SHA1

1a215556d81e885d9b179dc46d037742d047b72b
SHA256

dedfb7f92808e48feb04d401fdd7cac5f4951c1e6b31601f1b901f894d29398d
SHA512

e664dfe09736bb22606b990493d8066caacc8727401a2c03f350a3044e86615b2609ffc41e16ee8da0f8f103a03cc57bcb74127f1441580f5a97c683cca419e2
SSDEEP

6144:A0fSeECNROmftNgyBxJy97rmvFZJf1VcrWRY5Jo2CSExtzva9Yua6:FKeElmngyBxq7KvFffUrWR8KxE9Y0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uo4x

Decoy

justinlocke.design

integrauy.com

veganoandorganico.com

solisdq.info

kitchentoolhouse.com

essencejanay.com

faithfultruck.com

marketplace-73837233.com

bimadesigns.com

confussekd.com

aadamslovingheart.com

abdulsalamyafi.com

leticiamagalhaes.science

myrootsandtrees.com

thewickedwafflestick.com

wanakamotelnz.com

driveerb.com

trenchng.com

tarantocapitaledimare.info

vipmallorcamanagement.com

Targets

- Target
  
  ada9f3fef02806076da84b549a873261_JaffaCakes118
- Size
  
  293KB
- MD5
  
  ada9f3fef02806076da84b549a873261
- SHA1
  
  1a215556d81e885d9b179dc46d037742d047b72b
- SHA256
  
  dedfb7f92808e48feb04d401fdd7cac5f4951c1e6b31601f1b901f894d29398d
- SHA512
  
  e664dfe09736bb22606b990493d8066caacc8727401a2c03f350a3044e86615b2609ffc41e16ee8da0f8f103a03cc57bcb74127f1441580f5a97c683cca419e2
- SSDEEP
  
  6144:A0fSeECNROmftNgyBxJy97rmvFZJf1VcrWRY5Jo2CSExtzva9Yua6:FKeElmngyBxq7KvFffUrWR8KxE9Y0
Score

10^/10

xloader uo4x discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2