xloader

General

Target

cf3a28df3cd2682651ced75c40b06155_JaffaCakes118
Size

245KB
Sample

241206-1vct1szkgs
MD5

cf3a28df3cd2682651ced75c40b06155
SHA1

df85d8f256b8fd779d660f633eca94a7ea6c3cea
SHA256

3357b4a89dc623781355fe7a673329975777b2a5ce8a2051c538dcb7d4969c8e
SHA512

89c8d75516d889c8993abe926ddf5713e4fe207d459dafffa01d90df01e7f7fea63ffa0ca7428d15b0940f01c9290706c776b0b2461e160cebe2eb23a097b3b5
SSDEEP

6144:Na/djfLqZHNlXeQN/TezMUpyXVG71CRdzf:XfnNQpB8zf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

Decoy

reviewsresolutions.com

binhminhgardenshophouse.com

nebulacom.com

kadhambaristudio.com

viltoom.club

supmomma.com

tjszxddc.com

darlingmemories.com

hyperultrapure.com

vibembrio.com

reallycoolmask.com

cumbukita.com

brian-newby.com

abstractaccessories.com

marykinky.com

minnesotareversemtgloans.com

prasetlement.com

xplpgi.com

xn--gdask-y7a.com

uababaseball.com

Targets

- Target
  
  cf3a28df3cd2682651ced75c40b06155_JaffaCakes118
- Size
  
  245KB
- MD5
  
  cf3a28df3cd2682651ced75c40b06155
- SHA1
  
  df85d8f256b8fd779d660f633eca94a7ea6c3cea
- SHA256
  
  3357b4a89dc623781355fe7a673329975777b2a5ce8a2051c538dcb7d4969c8e
- SHA512
  
  89c8d75516d889c8993abe926ddf5713e4fe207d459dafffa01d90df01e7f7fea63ffa0ca7428d15b0940f01c9290706c776b0b2461e160cebe2eb23a097b3b5
- SSDEEP
  
  6144:Na/djfLqZHNlXeQN/TezMUpyXVG71CRdzf:XfnNQpB8zf
Score

10^/10

xloader b6a4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2