xloader

General

Target

JaffaCakes118_709fc33b5583c479174e8149fcf28a50a50653cc19ba49fb917de4e8ff2ad22c
Size

284KB
Sample

241224-2hch6ayqfz
MD5

72675848b8acf180356e2c6a8217b604
SHA1

2fbe6b95cb3d87fb039be775ff798083a74f487b
SHA256

709fc33b5583c479174e8149fcf28a50a50653cc19ba49fb917de4e8ff2ad22c
SHA512

6e40ba0c509ddc23619e398469285c1f9e036ebff1b35e762c4adf739f17e657840391b28fb1a0dd054772bd58dd5718b0561ac3d5482bf3506bdaa432c47664
SSDEEP

6144:Bi4ZgiljcWUVD+JCWobsAJ9CRRPCCdJeOuC2Vm268Pi:BXGDZKJLNRPSOuCU6ki

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

voa9

Decoy

hamedsoleimani.com

21t8.com

closurefroioj.xyz

1840beverlyglen308.com

zp1915213066.xyz

fesoftware.net

alamana.group

assetto.tech

vizitafrica.com

kalinganet.com

brzksmly.com

bipcursos.com

ketquaxskt.com

shemaworld.com

niftyyak.com

lockwoodtowncenter.com

carteiradetrafego.com

877561.com

handwrittenbooks.com

stribl.com

Targets

- Target
  
  order payment.exe
- Size
  
  291KB
- MD5
  
  ec2853c83cff7b763bb603a2754749f1
- SHA1
  
  0d7e640764aea9b1a8585ac57edf8e2061cd5c61
- SHA256
  
  9cb67c087ee707c5878f773e00cc4d55ad3b9fa3092b9ea9614647a06a9c9003
- SHA512
  
  e8f6521f398c1670f3efb5b34b52e58eb8f960a8496e81d5ea180ff763581fa7802ca1352a6ec5733d449f68e0a1918c8744fd8b824e9b15ad10086330e8ec5c
- SSDEEP
  
  6144:owkx9R0tcuke6acPbZv8f3tdSUmuzpJ40N/btqbJZCZquFHyqWUG:m9R1GuPN8/VdpJD5eZATHyMG
Score

10^/10

xloader voa9 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  hgdwc.exe
- Size
  
  120KB
- MD5
  
  b1179c8714525c79f49b3e1cdbb37339
- SHA1
  
  7cae6fbe83da4a0a0cd4f090e731d50c7622aa05
- SHA256
  
  dbff6c480833bf385c392057177822a2b6c7cc988ec6305c021aacf3e89c0f94
- SHA512
  
  e23b43787e81f758e2758febe49c89680dbda8373acf3301b0092339f537c734425724bf13c7f210e8b76541cee68a544f8f8bc8682d24e138fd59815d0774a1
- SSDEEP
  
  1536:PLraTSjiYFwlvwVC1TsJ66zafChiC+JqeeyEez1wsJG+c8o4D/0sWjcdaGWd:PJjFwlvweI8kaZ94eeU1oy7aG6
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4