xloader

General

Target

ed56b844097dbb24e768aa5b08ee77b5_JaffaCakes118
Size

714KB
Sample

241214-ac5h7stmdl
MD5

ed56b844097dbb24e768aa5b08ee77b5
SHA1

95410dca7795f5f150758c29cca952e058720a90
SHA256

1c49c90dceca146ee0b95fab3873e38bcda5b46b550a59f8ba2ccf5984a11b92
SHA512

0a8e771a163e95d7835dcf15c469e3b6d681fc5932256e374e2c9f0a69141f7a493207c40a143996e2508f0f4ea4896d34247af5021013c30bab7946f74b29b9
SSDEEP

12288:1okY8tYPdd2f1SZj5R9q+EWAKo17j3Cwcu0HK7zWt6UJ9r1Rp3Crzo6nZNe+op/N:dEdR9tANjogz49p4o0SX/7yScBcOba4C

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  ed56b844097dbb24e768aa5b08ee77b5_JaffaCakes118
- Size
  
  714KB
- MD5
  
  ed56b844097dbb24e768aa5b08ee77b5
- SHA1
  
  95410dca7795f5f150758c29cca952e058720a90
- SHA256
  
  1c49c90dceca146ee0b95fab3873e38bcda5b46b550a59f8ba2ccf5984a11b92
- SHA512
  
  0a8e771a163e95d7835dcf15c469e3b6d681fc5932256e374e2c9f0a69141f7a493207c40a143996e2508f0f4ea4896d34247af5021013c30bab7946f74b29b9
- SSDEEP
  
  12288:1okY8tYPdd2f1SZj5R9q+EWAKo17j3Cwcu0HK7zWt6UJ9r1Rp3Crzo6nZNe+op/N:dEdR9tANjogz49p4o0SX/7yScBcOba4C
Score

10^/10

xloader ssee discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2