xloader

General

Target

c0d208fca5e265ddd34e05cc2a0276ef_JaffaCakes118
Size

928KB
Sample

241204-e6mygaskfs
MD5

c0d208fca5e265ddd34e05cc2a0276ef
SHA1

8fb8984b700c2350cd442664b21961905adb922a
SHA256

b7fc471e982d86cd36e4704bb9e5ee9496c06de4d1a2c2c3c3dad7862a3a5392
SHA512

13cbb6620efa6d3ad8bf0b86651de354db8c8e886dd55d854bfa093ff1f3b044c76eceaaa5ab38e3eb5bbab4185d5f0691d1377faef679910bcff18ce1c98819
SSDEEP

24576:hc9hMNjO1WrbOmLZ19bA3UM0A4OxWIrAyX/EA:a9mhsmP9E3UMKOvrX/

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bp39

Decoy

glembos.com

adjud.net

beautifyoils.com

chilewiki.com

duxingzi.com

happygromedia.com

restpostenboerse.com

vowsweddingofficiants.com

ladingjiwa.xyz

keepmakingefforts-001.com

yeniao.net

eyildirmaz.com

sayanghae.com

promoteboost.com

lzft.net

proudindiacompany.com

birchwoodmeridianlink.com

mesinionisasi.com

wwwrigalinks.com

wewearthepants.com

Targets

- Target
  
  c0d208fca5e265ddd34e05cc2a0276ef_JaffaCakes118
- Size
  
  928KB
- MD5
  
  c0d208fca5e265ddd34e05cc2a0276ef
- SHA1
  
  8fb8984b700c2350cd442664b21961905adb922a
- SHA256
  
  b7fc471e982d86cd36e4704bb9e5ee9496c06de4d1a2c2c3c3dad7862a3a5392
- SHA512
  
  13cbb6620efa6d3ad8bf0b86651de354db8c8e886dd55d854bfa093ff1f3b044c76eceaaa5ab38e3eb5bbab4185d5f0691d1377faef679910bcff18ce1c98819
- SSDEEP
  
  24576:hc9hMNjO1WrbOmLZ19bA3UM0A4OxWIrAyX/EA:a9mhsmP9E3UMKOvrX/
Score

10^/10

xloader bp39 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2