xloader

General

Target

JaffaCakes118_ccbe9e305f5ba3d97682fe5ebd634799f9d84004b5781d16a9e65fdd60020394
Size

460KB
Sample

241229-ppdcta1qfj
MD5

1cda719751579ed754a0191f5210c446
SHA1

5e569c63216b340f9cda352869ac20460d4faf18
SHA256

ccbe9e305f5ba3d97682fe5ebd634799f9d84004b5781d16a9e65fdd60020394
SHA512

18a89cdc96d31272e00bc93f9153fdf010f94343fc29150329eea04ae63dbb2e38e213d8ab635ccbe2c87f224b0e6217bfac34d34388679cb09d5d9391ca389c
SSDEEP

12288:QYQboZXnk78GgXCL51RHWZMk7Nxix3E4Xv:HQb23CgyLNWV7NU04f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

p980

Decoy

iwantgoddessevelyn.com

attorneysiraq.com

stfairytale-gakuin.site

mybazaartrip.com

alexjrtransport.com

present-sense.store

bigbucks4you.com

westernwings.info

qrs4u.com

knightsbridgehouse.com

fanamfoods.com

ediblesareincredible.com

revinedbypao.com

psychsolutionsofdurham.com

xn--mykyr-kra.com

sweettreatsepiceats.com

quarnetta.com

femaletopic.com

rockstoneofblue.com

btbaidu.com

Targets

- Target
  
  john.bin
- Size
  
  501KB
- MD5
  
  f5dae2c70407ffa5383fd9fe6442e681
- SHA1
  
  b6d90585000081f040f415ec33199e485888dd1c
- SHA256
  
  d88a92e9507b6a45dad8c21cdae0abe7a6a97c3f4b8e2d692267a967317e26cd
- SHA512
  
  a69a23de5abc7518098a3ad9be8606cb3ce2f45fb8506e019156c1ed5c9d3cbfac3adbba520921f08ff5ae3879f610649b74c297417024bb6632ab6f5e76e405
- SSDEEP
  
  12288:0ZaxyU/MCq+2YNinizhdwKMJr5fkR8ZGA7gBQWTHMMs4nEmrAQH:0ZIL/V52Oish+KMJVfkR8/1M/nFH
Score

10^/10

xloader p980 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2