xloader

General

Target

c26f3b3d84405eea3ab95b69f7e5a389_JaffaCakes118
Size

1.5MB
Sample

241204-n54n9svlcw
MD5

c26f3b3d84405eea3ab95b69f7e5a389
SHA1

38a81de45ed4b1c4c84c89c2fd7d5b2334d85b05
SHA256

74829b780f8a868740f974a08c4a89aacbf293671b189a7f773b41651e004c9a
SHA512

3a004be5a242af6648f0dc03e85d49d6042a3d91a20043c3315e616d3a30b1ccddd588d94a3f569e54ba9e15f3c878bc66ad17e41dad7178514f30d5e9d4ab0b
SSDEEP

12288:Oh5E394sjPBi/7Ui9rI9jGoaft/VEMv/ZkkDOEVTQ6H1Uy1Susr8MmH3jr:FKo8UimctdEA/ZkcemZS5R0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uisg

Decoy

editions-doc.com

nbchengfei.com

adepojuolaoluwa.com

wereldsewoorden.com

sjstyles.com

indigo-cambodia.com

avrenue.com

decaturwilbert.com

tech-really.com

kimurayoshino.com

melocotonmx.com

njrxmjg.com

amandadoylecoach.com

miniaide.com

kocaeliescortalev.com

ycxshi.com

f4funda.com

126047cp.com

projecteutopia.com

masksforvoting.com

Targets

- Target
  
  c26f3b3d84405eea3ab95b69f7e5a389_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  c26f3b3d84405eea3ab95b69f7e5a389
- SHA1
  
  38a81de45ed4b1c4c84c89c2fd7d5b2334d85b05
- SHA256
  
  74829b780f8a868740f974a08c4a89aacbf293671b189a7f773b41651e004c9a
- SHA512
  
  3a004be5a242af6648f0dc03e85d49d6042a3d91a20043c3315e616d3a30b1ccddd588d94a3f569e54ba9e15f3c878bc66ad17e41dad7178514f30d5e9d4ab0b
- SSDEEP
  
  12288:Oh5E394sjPBi/7Ui9rI9jGoaft/VEMv/ZkkDOEVTQ6H1Uy1Susr8MmH3jr:FKo8UimctdEA/ZkcemZS5R0
Score

10^/10

xloader uisg discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2