xloader

General

Target

da18fea88d35935c34972c6d2b532b4b_JaffaCakes118
Size

930KB
Sample

241209-rxx4as1jgy
MD5

da18fea88d35935c34972c6d2b532b4b
SHA1

5a0ceab83814ba09cf47eb32daf44651ac17cd61
SHA256

8c200639871626b76bf9c568cbb456a304730cffb072dbf8ae36df19db96ed05
SHA512

0c4ad8744a98cea89d103a9563e8c5875380467e9ce2472f4a81b67d3ec587840f3f70d006da70d6021bcc5c27f9815782186e0b9aa4d37fb762e08df877c89a
SSDEEP

12288:WZ3iF2iNeHK7zgzdQ8EjcqwqeXp+LUVxN3XYPCbzIziUV9ZRLsa3pEP7r9r/+pph:63a1bYEjpUg2tXuCbzCV7361q

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

xcw2

Decoy

expdallastx.com

vedanshhomoeopathy.com

ssmt66.com

echomc.xyz

myclarityplanner.com

abrosnm3.com

unitandrea.icu

dftuned.com

sbamilkingmachinery.com

lifesongmidwife.com

crepkonnect.com

reevoy.info

warisanoranglama.com

geotekmapping.com

eert.net

pcmajstor.com

32sj6dxrkx8pfp.xyz

zoomaconsultation.com

vinilikes.com

superbrandsstore.com

Targets

- Target
  
  da18fea88d35935c34972c6d2b532b4b_JaffaCakes118
- Size
  
  930KB
- MD5
  
  da18fea88d35935c34972c6d2b532b4b
- SHA1
  
  5a0ceab83814ba09cf47eb32daf44651ac17cd61
- SHA256
  
  8c200639871626b76bf9c568cbb456a304730cffb072dbf8ae36df19db96ed05
- SHA512
  
  0c4ad8744a98cea89d103a9563e8c5875380467e9ce2472f4a81b67d3ec587840f3f70d006da70d6021bcc5c27f9815782186e0b9aa4d37fb762e08df877c89a
- SSDEEP
  
  12288:WZ3iF2iNeHK7zgzdQ8EjcqwqeXp+LUVxN3XYPCbzIziUV9ZRLsa3pEP7r9r/+pph:63a1bYEjpUg2tXuCbzCV7361q
Score

10^/10

xloader xcw2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2