xloader

General

Target

efde85682f97c656375e3f7a2da96c33_JaffaCakes118
Size

226KB
Sample

241214-vw1pks1jcq
MD5

efde85682f97c656375e3f7a2da96c33
SHA1

484437cd1b6f8fc7984d97023c2e7e4b2b90c077
SHA256

47add606e2f5ed4596bffd9f0345e35164c80071efbb0dc4e7b29d1d62391a6e
SHA512

634f7daa11a80887722e1bd341309bba8fcc78c39a5c562882c65ce0d5edbab180f3de4ec71191a6801d5b1533e85c5bb0e5b1cf01218d5579b81ea2500223cb
SSDEEP

6144:ND8O9Jho9mipRr/n2fkOyGLXZcJMvdSWLOrs+/sd2W:fbhotRn2fjkMOD69

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qb4a

Decoy

travelsonabike2.net

eurekaprice.com

bkardd.com

vr893.com

nnsxykj.com

q-p.info

691485.com

magixe.com

frankysfurnituregallery.com

businessloansug.com

rocketcompaniesshady.info

lercoantincenti.com

pelosi4never.com

bide168.com

socialsecuritybonds.com

xn--hy1bj7gtvmh9a15t.com

anjaschaefer.net

wickedfavicon.com

bitesizedstudio.com

ecogiftsuk.com

Targets

- Target
  
  efde85682f97c656375e3f7a2da96c33_JaffaCakes118
- Size
  
  226KB
- MD5
  
  efde85682f97c656375e3f7a2da96c33
- SHA1
  
  484437cd1b6f8fc7984d97023c2e7e4b2b90c077
- SHA256
  
  47add606e2f5ed4596bffd9f0345e35164c80071efbb0dc4e7b29d1d62391a6e
- SHA512
  
  634f7daa11a80887722e1bd341309bba8fcc78c39a5c562882c65ce0d5edbab180f3de4ec71191a6801d5b1533e85c5bb0e5b1cf01218d5579b81ea2500223cb
- SSDEEP
  
  6144:ND8O9Jho9mipRr/n2fkOyGLXZcJMvdSWLOrs+/sd2W:fbhotRn2fjkMOD69
Score

10^/10

xloader qb4a discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2