xloader

General

Target

e0a4ffac90da3cf42e3b250d758b7195_JaffaCakes118
Size

1.1MB
Sample

241211-khc19azkfr
MD5

e0a4ffac90da3cf42e3b250d758b7195
SHA1

45de569d369659a5cbd6d3aec09f9668eb34cddc
SHA256

7f6e0bac11526a5e1bbcdb54476c0bb7e8fdb7d8008001a5a488c60a080fc51c
SHA512

bdce7cede48f67d13733514013c6e9df8a43d23dce64f6597bb0b23505a06464833af2cdfea39c0f9e2f5eeedb5318531446597da810f926f197bf2da2b16468
SSDEEP

12288:5Me5miDY2KkDeYd5Kj+KSp+w6LrtzpHTwH3qm8TsqRL+NSW3bKIU6n9Auj5rrNKF:CYY2Byfg+HnPGzVb99U58roVh

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m6b5

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Targets

- Target
  
  e0a4ffac90da3cf42e3b250d758b7195_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  e0a4ffac90da3cf42e3b250d758b7195
- SHA1
  
  45de569d369659a5cbd6d3aec09f9668eb34cddc
- SHA256
  
  7f6e0bac11526a5e1bbcdb54476c0bb7e8fdb7d8008001a5a488c60a080fc51c
- SHA512
  
  bdce7cede48f67d13733514013c6e9df8a43d23dce64f6597bb0b23505a06464833af2cdfea39c0f9e2f5eeedb5318531446597da810f926f197bf2da2b16468
- SSDEEP
  
  12288:5Me5miDY2KkDeYd5Kj+KSp+w6LrtzpHTwH3qm8TsqRL+NSW3bKIU6n9Auj5rrNKF:CYY2Byfg+HnPGzVb99U58roVh
Score

10^/10

xloader m6b5 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2