xloader

General

Target

JaffaCakes118_7e5ba666475aac3d9c115cd4d791172d5189ebe444c8f4bdbe0575e570d45075
Size

951KB
Sample

241222-gqadjswpez
MD5

749397a6c1dad0f8c84af62220568218
SHA1

ebef67733e10bc9079816ed1dd1b4e2f76ec8686
SHA256

7e5ba666475aac3d9c115cd4d791172d5189ebe444c8f4bdbe0575e570d45075
SHA512

6597c6b4b76e5d8b481a1add0ab076fbbc18ceffcdbd76b48f8a8afcbaf17ad25cb1497619729826c470b09f9bc7cc96ce38dc690024623a699f898bef855954
SSDEEP

24576:InMOmE3M/UYu91k+IhTVb/vfJuEDkv/dc/izbKRUT:InMhE8cYi4b/XJBQv/dSyT

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

eao

Decoy

littletram.com

vanmetaal.com

clubbingspringbreak.com

intohuman.com

steph.place

ipsumksa.com

paultoon.com

wocwebowecbweogw.com

beverlyhillsmerch.com

vans-athens.com

stylishnailsbyem.com

milletvit.com

pappyjacksburgershack.com

anal-liza.com

lotownerbuilders.com

caffinatics.com

cvbtrading.co.uk

pheasanttrailsgolfcourse.com

wed0888.com

sundeepm.com

Targets

- Target
  
  Purchase order O4500016955EqgcN9Xz7YZKqZ2.bin
- Size
  
  1.2MB
- MD5
  
  1e956cce584ed3910b0914ed03c5b396
- SHA1
  
  c8e5c8f09696b8d5c81ed979a5eba7066eba5305
- SHA256
  
  0c79a0b34b24ef2f69bb07586863afa5d3631398f79b895390ec2beddaa4fb78
- SHA512
  
  47196bae5faebcb994d690651d7ce91ae35482f24c42ebd290b681dd5f60dda421368c20bd849d81d5f8c6e882ef084d3ed5c3ed118d1f7133a23e3cd7e66b3f
- SSDEEP
  
  24576:J6QP6K2CngiZucOaCrYz4jEmW/g+xRri3Md+clMr+b1E43:tPb2CgcyrKmW/PHi3Hrqv
Score

10^/10

discovery xloader eao loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2