xloader

General

Target

JaffaCakes118_9c7600acbd54dc47b8a0615fb75d72dfc84e78266f1c8a0059520e57a97dca91
Size

249KB
Sample

241229-hs1tyswlcr
MD5

88993e7728887977dbe9b1984629789d
SHA1

6ccb26b5742cd4574c26eb5b568ee589a78449c5
SHA256

9c7600acbd54dc47b8a0615fb75d72dfc84e78266f1c8a0059520e57a97dca91
SHA512

6640c47c37841bac065c6214c03e0a07337a3efe3fa891e883cd1295c915cd70f859be78449535092a8a213cfc54e59743125a15ba691d4aae6343e6946ef99c
SSDEEP

6144:pl6idg+Q1+FtjU2SqX9VJo0fGT+S5QXt/rxX8:agQAjUXu9buTYXJ18

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

er3b

Decoy

mapaccelerated.com

deanartpg.com

southboundsisters.com

ocstutoriales.com

sappe2france.com

morethanentertained.com

kees3d.com

jjsuzuki.com

heroldmion.com

globeheattreaters.com

ompassionatetelemedicine.com

pacificwestsurrogacy.com

eaplsy.com

lccdqrvgw.icu

collectorcarshop.com

438tamarack.com

gokuid.com

jessicavelasquez.com

avanthomeinspections.com

thebrushstory.com

Targets

- Target
  
  Scan_00003984849905654356.bin
- Size
  
  365KB
- MD5
  
  29eaa8092a2847b8b13922f9e97441a0
- SHA1
  
  36ef99adb92e1ed025a47c5edb9a8a373dbafb0e
- SHA256
  
  9c24cb754ba7bd9c72075bb67b4254763a891a0086316f9217c3f247d84cff61
- SHA512
  
  b37099aff517abe64c7f1837e82a90ab767c0215947159c84ef91de55018006e13fdad7a2eb64a59a6ae7fa9d39c2c0f018b8d22496661551b0ae9dae314393b
- SSDEEP
  
  6144:UPAObj0k20+ZfFzB5xNb47b1AMGXX9WjMilj/OojjE7T1DpnwmNfSle8Vdv3j/:UP1bY8+ZfFzBtbYAt9EMiF/o7pFwmNfC
Score

10^/10

xloader er3b discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2