xloader

General

Target

ac6706073f054030b05b71bdf23afc11_JaffaCakes118
Size

430KB
Sample

241128-p7qqvstnhn
MD5

ac6706073f054030b05b71bdf23afc11
SHA1

dd90b7dea8bf16002b7bcef6f358b4eaefac62a6
SHA256

70e7c5966ac86d48e0519f9b2b34703d2915b603836f4de0be2a2badddd258e7
SHA512

dd86dfa395eb5930d7ba1f41f0d95d659b04b619c8b40e4903c3c04f9f6b09d160fd7da4c86a1cca8d9eca6a55cd5cb86c200967fd2d9ec68cb13475a0f463da
SSDEEP

12288:f12LO9X78MZ57vZ7NmeeKjVrqZiEOiewVrIdtBm8fO6:f12Lm7FEee6FsiuewQtg8fO6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

snaa

Decoy

ivetau.com

jupstudios.com

myvintagespecs.com

nineliveslabs.xyz

linahaljarad.com

itbling.com

bqmmw.com

danmgg.com

savalanxe.com

gasolinestation.info

blankedu.com

virginiacannabislawyer.com

jochichicago.com

herbwarts.com

bigcitygigs.com

gheeduvine.com

underwoodway.net

philosophia-perennis.club

milanodesk.com

myrandr.com

Targets

- Target
  
  ac6706073f054030b05b71bdf23afc11_JaffaCakes118
- Size
  
  430KB
- MD5
  
  ac6706073f054030b05b71bdf23afc11
- SHA1
  
  dd90b7dea8bf16002b7bcef6f358b4eaefac62a6
- SHA256
  
  70e7c5966ac86d48e0519f9b2b34703d2915b603836f4de0be2a2badddd258e7
- SHA512
  
  dd86dfa395eb5930d7ba1f41f0d95d659b04b619c8b40e4903c3c04f9f6b09d160fd7da4c86a1cca8d9eca6a55cd5cb86c200967fd2d9ec68cb13475a0f463da
- SSDEEP
  
  12288:f12LO9X78MZ57vZ7NmeeKjVrqZiEOiewVrIdtBm8fO6:f12Lm7FEee6FsiuewQtg8fO6
Score

10^/10

xloader snaa discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2