xloader

General

Target

JaffaCakes118_9b9cdf468e088138aa3ef409c34c5e8bda0eaa8d7b0ce8a43494089b00cf6cae
Size

492KB
Sample

241223-xmwelsxqfl
MD5

0b1ae2aa586dbf78364e56230d8e0637
SHA1

f60bc633689d908897994a86b998a5c3f87bc7a5
SHA256

9b9cdf468e088138aa3ef409c34c5e8bda0eaa8d7b0ce8a43494089b00cf6cae
SHA512

83c18345047ec908da2c1171e6de8c4265cfaf3ac4613c9bc0cd87f77ed9388adfdef34d24a8f7025c8824bc1a1fe1dbbff6aa7e6fea6216cff09dd6c35cc32c
SSDEEP

12288:4XfRlEbk/8sVG8vCnTqSnmpluIchfYhIDhdvF+/F:yIkEESTVnci+9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

agwz

Decoy

organicsifa.com

microlivros.com

kharestudio.com

processautomationsystem.com

359192.com

user-id06783.com

hoopletesonline.com

camrashos.com

xfgyzzm.icu

jjjllcbooking.com

ztouh.info

mynetlfis.info

honeydigi.com

claytelier.com

hbozoom.com

theleftreports.net

drmenelaou.com

ignoringracism.com

querofalardesaude.com

smithysminicharters.com

Targets

- Target
  
  Fatura_Um0slpC3IsVAmnv.bin
- Size
  
  594KB
- MD5
  
  e192091f95cde41724533037eee016f1
- SHA1
  
  3e31af5c3dacf364505ce50c1bc59f14efad372b
- SHA256
  
  00c31ece69362a5cccc665bc1d57b48240d5bf53cbb159cb72b26454849e798e
- SHA512
  
  ee46f4aa86e0594d9432ba3dc505b6faaddecfd37ae8219b5e69e10971874c0636358fd780580f3aa80a8cf38f645efe47ee96a83f3672fff41a1fbedfb59df6
- SSDEEP
  
  12288:bdSPwG60J+z7X++4567hYUDK4H9JW774ysGbBS3f:5lG6t74o9Ykd87Vb+f
Score

10^/10

xloader agwz discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2