xloader

General

Target

fa4940b0a236ff804f909c42b965572c_JaffaCakes118
Size

737KB
Sample

241218-f667sawpeq
MD5

fa4940b0a236ff804f909c42b965572c
SHA1

aea87158e10ca3fe2e44cc51bad5b92bf86c8605
SHA256

f6ca5975931a975e167e665863ba4ae3be48db585117bad6d4eb833fae8491cd
SHA512

8c611dd5cd481c1e1df1afc95b375677976268f4677969fe3c99e66f624f5f6354406688882df45796567b1a14ef83cabda8a8522c8c8a0fa1fd18a6c2b9b526
SSDEEP

12288:HjYTVR4/R6WGZEaDDomXa/ZoN+Zxh/IGvBpt9VjW:HjjRRXgMm2oN+Zx9dvBp3VjW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cuig

Decoy

sofiathinks-elderly.net

lahamicoast.info

2shengman.com

cbsautoplex.com

arcana-candles.com

genrage.com

kukumiou.xyz

thequizerking.com

sonataproductions.com

rebuildgomnmf.xyz

ubcoin.store

yiyouxue.net

firstlifehome.com

mdx-inc.net

gotbn-c01.com

dinobrindes.store

jcm-iso.com

cliente-mais.com

mloujewelry.com

correoversoi.quest

Targets

- Target
  
  fa4940b0a236ff804f909c42b965572c_JaffaCakes118
- Size
  
  737KB
- MD5
  
  fa4940b0a236ff804f909c42b965572c
- SHA1
  
  aea87158e10ca3fe2e44cc51bad5b92bf86c8605
- SHA256
  
  f6ca5975931a975e167e665863ba4ae3be48db585117bad6d4eb833fae8491cd
- SHA512
  
  8c611dd5cd481c1e1df1afc95b375677976268f4677969fe3c99e66f624f5f6354406688882df45796567b1a14ef83cabda8a8522c8c8a0fa1fd18a6c2b9b526
- SSDEEP
  
  12288:HjYTVR4/R6WGZEaDDomXa/ZoN+Zxh/IGvBpt9VjW:HjjRRXgMm2oN+Zx9dvBp3VjW
Score

10^/10

xloader cuig discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2