xloader

General

Target

JaffaCakes118_3a994c7c2e0700b43c5106c4ffc206833cc9acb6c3e5daf1adf99dabde2b08a7
Size

187KB
Sample

241224-zm8faaxlel
MD5

e1d31202a96df89cf440c6a6bcc6f67c
SHA1

ab3050addb5c989c59371e12e58734ceb24cd20a
SHA256

3a994c7c2e0700b43c5106c4ffc206833cc9acb6c3e5daf1adf99dabde2b08a7
SHA512

50290f85ff63016620c73a66af048f6933c8664b0e7e70a05759b73f93b86070248eb792545a299033441fbfee7366ff49f0dffa7f2b98cfc95fcf7ddb076a8d
SSDEEP

3072:1/lfGjauIGfpVeAga7o2QdA9r6MRHRKN29QODMyRBPSouKve/RzGXnlnHybKDD:1/4acf7/U2Qu9WMBwQ9QOIyCouYZHdD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u8u4

Decoy

directoramannautiyal.com

ledjiliang.com

neowa.xyz

cpsta.online

mythosophia.com

yz0556.com

recruit-job-design.com

elevenwakeschool.com

starkstyles.com

unmundoincierto.com

halfermafia.com

syams.tech

ngobryles.com

amaphanta-online-auctions.com

harmonicdestinations.com

wecircle.chat

rohash.com

boundlessoutdoorfitness.com

lazyacrescharolais.com

retrocoat.com

Targets

- Target
  
  SOA May-June 2021.bin
- Size
  
  200KB
- MD5
  
  d973534dc3a312d0d9c41ac8ec2bc268
- SHA1
  
  9238d84eaa796014f88905f8b5b7ca4211b140c2
- SHA256
  
  12c961f1b5f752a22c1a3085fc2447749572fbcb35b3c6e46f6fa310b19572b7
- SHA512
  
  409f19a5ac8bcf4e3b61e8223bc9d7a65ea7ce02cbd2ff998a84fb5587bc2e2ae9eb477f735c5a750ba0cff93bfd4bb552dae30aef237af5ba959ef1ac6e7b7b
- SSDEEP
  
  6144:wBlL/LyHixQWMSrs+THCK+Q3VUe/NgxoX:CpyHixQ1SrsxQlU8Ngu
Score

10^/10

xloader u8u4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4