xloader

General

Target

JaffaCakes118_6c52af67375cff10635d85e1125a18ce827b7450ed5cf1e0d60300fbe57217e9
Size

300KB
Sample

241224-zcz16awqfv
MD5

22d3c4476814fc2e94a8f30edcc48c60
SHA1

2907e769e7ea539b29f32de670ad008c1a49a6e5
SHA256

6c52af67375cff10635d85e1125a18ce827b7450ed5cf1e0d60300fbe57217e9
SHA512

419e411298d3b3705eeb72c9658081e9af10923d8f5f4bad2e18c2a559edc0a5150b82b5d4b371abab5bd5b3a23ebe2abb953463935e8e56c8ab7fb172a3d84f
SSDEEP

6144:6QwLjZxaGhQka0WLpx5hpbZVykGru5zUmAeV6gMenmbQRY4CB:6Q4xlypL/Ppv/Iu5zN7MX6A

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

iedi

Decoy

taschenhimmel.guru

nychehang.com

samrgov.xyz

lumenharleystreet.com

286241.com

herramientaspcdigitales.com

collegesecurityroadshow.com

fcpt.club

iphone13promax.art

karmikdevco.com

melanin4mermaidstalks.com

550-29th.com

bsthuy24h.com

desertmermaidcreations.com

fifi8.xyz

interweavelife.com

onlylands.icu

freemanengenharia.com

referralinstituteatlanta.com

dugerits.com

Targets

- Target
  
  RFQ-2203IQ22.exe
- Size
  
  363KB
- MD5
  
  497c61e3c3b524f3f5e21133e25e9fed
- SHA1
  
  3ae28a52da98599f857c6086bd650ddb7a08884b
- SHA256
  
  e8a006ff04f0284cdd1008d687dc62231e78886c017904c462c0b18d9b938a8a
- SHA512
  
  4fccfe219f77d9cb9da4c017fb28e33ba9fad4f7e7202525ef7a0d36e39b2c51b70d5d61e4ff011abee75f39cb1910cd5580274aa796991c8366ee3cb196ab3a
- SSDEEP
  
  6144:TGi7FnvhydhcoKQB9IkZFPVOcVKmPo1irNYMr08C2YuDPwHEzzRof28Jt:1w95FdOEoKQ8C2YuDPwMzefRf
Score

10^/10

xloader iedi discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  dbhvn.exe
- Size
  
  107KB
- MD5
  
  2c3eb1912198569cf1680077ac995221
- SHA1
  
  c69948d7e3d380b1b8d29df7501eadc0fea857ec
- SHA256
  
  e1b09d71f05cf589e41f3701142b3fd917508e3b5f43eaa810bcaeab74f18165
- SHA512
  
  9553c96268cffb7638ff1e2df116ddb039654fc221328a6fa5673d1b502cfaca6d1762a6e3a537d530eec6c66004058520de6592aa6492e80f7faef7f73e49bd
- SSDEEP
  
  3072:/PyndOgky6ADbfLwjQRnOA9QNvRWK5Ow3S9lTypMu:indO75ADLMkRHOWKcwNpMu
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4