xloader

General

Target

c54014c8c3d524d217670b262e5cfc4b_JaffaCakes118
Size

800KB
Sample

241205-bw8kms1nd1
MD5

c54014c8c3d524d217670b262e5cfc4b
SHA1

6eedabbd4ea50a1881d3e3f9ecc869033e0ec9b3
SHA256

fa7a3ac64a6c26f248d805abfb0961bfe6518df6dcb3212de51593b92d5e4158
SHA512

7aea488816c8635e4958edc99c771817c460efea425e78e99bd5adbcd5871f6e76329dc1e19bac0d35ac0989c8e5fb07e07c4b214601b37e27e8c7ced264812b
SSDEEP

24576:rQ9D7dL89uJD0Bl0BmcH69JAcvKnW7C0KHGoD4r:4dL89uJDnIPo

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  c54014c8c3d524d217670b262e5cfc4b_JaffaCakes118
- Size
  
  800KB
- MD5
  
  c54014c8c3d524d217670b262e5cfc4b
- SHA1
  
  6eedabbd4ea50a1881d3e3f9ecc869033e0ec9b3
- SHA256
  
  fa7a3ac64a6c26f248d805abfb0961bfe6518df6dcb3212de51593b92d5e4158
- SHA512
  
  7aea488816c8635e4958edc99c771817c460efea425e78e99bd5adbcd5871f6e76329dc1e19bac0d35ac0989c8e5fb07e07c4b214601b37e27e8c7ced264812b
- SSDEEP
  
  24576:rQ9D7dL89uJD0Bl0BmcH69JAcvKnW7C0KHGoD4r:4dL89uJDnIPo
Score

10^/10

xloader ssee discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2