xloader

General

Target

JaffaCakes118_fef4ff3d7065c797a62443c99e5ea91d4d1f2c421726b24df6571d8559dffdb7
Size

502KB
Sample

241223-v3yhsswlft
MD5

a0b325783e69e118438d81378f9dc428
SHA1

c8afcbd9b102332934e0b7fe2bbd96d5d7c1582e
SHA256

fef4ff3d7065c797a62443c99e5ea91d4d1f2c421726b24df6571d8559dffdb7
SHA512

e65a769df4d7096727a45c61b055bf68a2778313e5cb15136a6b6062fb6569cbeabded46af8790b3018b37094548047ede171d60a48a274d9797408781c366a4
SSDEEP

12288:ru1RBqpdRRJesCtpuV2WfVO8PVzj5MrDIoJ1GDQQHIv:rWRBqpZJMytl5iwHIv

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bh9c

Decoy

javhdxx.net

merakii.art

vagonorientexpress.com

charliethetortoise.com

hgspw.net

creciendoconvos.com

duppercaptat.quest

threattotal.info

heidecide.xyz

beverageplug.com

clothandcauldron.net

elbach.store

dtassistant.com

miumellow.com

militarydefensecampbase.com

backratz.com

fuzzyfrendz.com

usa-visa-open.space

moon9.xyz

staynolive.com

Targets

- Target
  
  897201ea7e47403cf8b8431ab9a59bcee9eb559ecba43a2224852cbd5b75e580
- Size
  
  737KB
- MD5
  
  7b3930f320bc8e3a4518b0900ff713fd
- SHA1
  
  49f2502e24107b9e9a55537d44fd245008a1d743
- SHA256
  
  897201ea7e47403cf8b8431ab9a59bcee9eb559ecba43a2224852cbd5b75e580
- SHA512
  
  ddea25208a5086f81d4378ddeb1cc5d6713a83607099d0b809a403770e558a9096913faa9014899da1cd2644d031c692fa2b235999e6eb20ba67859178999b26
- SSDEEP
  
  12288:L5g5YHfdVPIcz8CSZJVyiVp/UlFrMNf9vqDgjieZUks+EKVFtc6:b1l7zIZGiVpcT8f9vq8jiaUkiK
Score

10^/10

xloader bh9c discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2