xloader

General

Target

JaffaCakes118_3e4d822608eabbd09ec42b37c1e935582e32e4f75a2d1248e261814faead9d4b
Size

460KB
Sample

241225-pyvnfstjbs
MD5

51a262fd5b8d86c7b2fd6ce8f967a3bb
SHA1

e63d4018866ca7ba679c9d53db9d916a848f8304
SHA256

3e4d822608eabbd09ec42b37c1e935582e32e4f75a2d1248e261814faead9d4b
SHA512

b40ec57074357b48f77441743c695b266b7393841aa281d9d6391531930a5bb6a7a31e0da964e6c943992d7becfbc035ce21543123e8c63a08329ce16c7b4b0f
SSDEEP

12288:/B4xWPDKxdTTmxvZBDC9m1A8KWclWd+gm2z1AGwMia:J4QmZm7BrTLcc+gm2z1Ar2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwfc

Decoy

a-great-intl-voip-phones.zone

police-trust-security.com

415391.com

coi-sl.com

liming-steel.com

criticalracetheoryexplained.com

pintoent.com

columbusrx.com

clarktribe.net

texasforblanchard.com

musical.voyage

priyamblogs.com

employbridge.works

americanchessmaster.com

australiaaddictioncenters.com

drkell-yann.xyz

barryisdaner.com

frankkystein.art

aromatoto7.com

alsuwal.com

Targets

- Target
  
  2869e0c3e746c3baa787fb20464d3b4b286591d96f1ea89b8d852bcae32f4ef0
- Size
  
  495KB
- MD5
  
  1d4fd5f9ce67b9701527fe44c5c01328
- SHA1
  
  cd0b4fb2f1ba6d54310cd4cad70e375c7da3e5ef
- SHA256
  
  2869e0c3e746c3baa787fb20464d3b4b286591d96f1ea89b8d852bcae32f4ef0
- SHA512
  
  e43d10db454ab5d025f5043812c0ad116102b09230bb1b1e72760d000f9de41b172e1d6bccc05b5504fcf67ec0a2620275f85078f4adc3d7b2ec433ac498b0f5
- SSDEEP
  
  12288:3gfm1GNmrNm2r5t8v+vtrqt6QuQnKTrMqTUcvJbNm:mgHkSt0+vtBTrpUci
Score

10^/10

xloader mwfc discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2