xloader

General

Target

ec234effdb4a0bf8257f2bb41fd784aa_JaffaCakes118
Size

312KB
Sample

241213-srqbyasnbx
MD5

ec234effdb4a0bf8257f2bb41fd784aa
SHA1

7fce8adcb4821ba20ac33520f0c4f4690d258f75
SHA256

94ab46851c076f66017869f7ac4a50f9225e688d894010110fcd4839f138b949
SHA512

f44777c79fa8edb8d7b8beef91005d9cb08ca77950e54aff39c397f04d47d6fb2b5b89bfa4b98f2f44ce0d4a0ffb5342f2c98c4e43acc964e57643a6011a0673
SSDEEP

6144:3+9boAXQe4AUF8oI9cAiDFNCVdKrLt2J8L:apUF81cAACi/t

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

att3

Decoy

oakbridgefundservices.com

fancyforts.com

coisadoce.com

learnfrommymentor.com

digitalgurughana.com

phk0.com

jantiprojeekspertiz.com

xiabyhuc.com

todayonly8.info

pgzapgmn.icu

sistemasarafranco.com

nest-estudio.com

2259.xyz

kenobi.tech

mortgageloansbyjeff.com

thameensa.com

navigators.digital

ecocleanmalta.com

advancedrecyclinginc.com

pmotriz.com

Targets

- Target
  
  ec234effdb4a0bf8257f2bb41fd784aa_JaffaCakes118
- Size
  
  312KB
- MD5
  
  ec234effdb4a0bf8257f2bb41fd784aa
- SHA1
  
  7fce8adcb4821ba20ac33520f0c4f4690d258f75
- SHA256
  
  94ab46851c076f66017869f7ac4a50f9225e688d894010110fcd4839f138b949
- SHA512
  
  f44777c79fa8edb8d7b8beef91005d9cb08ca77950e54aff39c397f04d47d6fb2b5b89bfa4b98f2f44ce0d4a0ffb5342f2c98c4e43acc964e57643a6011a0673
- SSDEEP
  
  6144:3+9boAXQe4AUF8oI9cAiDFNCVdKrLt2J8L:apUF81cAACi/t
Score

10^/10

xloader att3 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2