xloader

General

Target

JaffaCakes118_ff25d089ae0d0281fbccc36c9c56f0812abaf8b0f05a6f26015c88ed97948ad5
Size

605KB
Sample

241230-flgfmaynew
MD5

2d253c3f432ac3405c63058b797e3205
SHA1

842c7e31427fc73e162315f28ded970b375aa7fb
SHA256

ff25d089ae0d0281fbccc36c9c56f0812abaf8b0f05a6f26015c88ed97948ad5
SHA512

5bc31de8206752f2a9615c788a3346c2158e51a4ca89e3f6f1eb9c9a7e70fe56d879dd4f972de32fa818d3e0d822e3e4c478fdaca6be65cdfc84dbe9b9ffba8e
SSDEEP

12288:Rfj9YE1ghV4Hd6LGjGSN3Q88wvFf/iyuXLUBb98pHLG5Q7K9f37:RfjyEaQCGaSNRJ/hyLUz85C5Q7K9f37

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rvoe

Decoy

frogsstoreonline.com

emprendedorasdehogar.com

buseselvi.com

test-chase.com

redevelopment37subhashnagar.com

teacheex.com

trabzonlife.com

pfriendship.com

wholesomepantrys.com

chrislambright.com

companysoftwaresmount.com

daylamiagency.com

emoblow.com

lesbicas.online

muhamadruli.com

lkpayonline.com

aymankatwa.com

illuumi.com

finegoodses.store

patcoins.com

Targets

- Target
  
  INQ8593.exe
- Size
  
  689KB
- MD5
  
  a23fbcbae306780f4c604238423ffc5c
- SHA1
  
  28f95c0f8ad0c220549a529dd993b234d8e4a053
- SHA256
  
  6f1865688d1744c4b955e994613d042146f366732e420290da38623c23a24fd1
- SHA512
  
  79311359d95217a2c91fb8ff5020bb053e3c761a9198ac6901505d3fbd70eb4308e5644b1673ce5808c748b16b71a29d600b339020b658f8cd33e376f89a4d7a
- SSDEEP
  
  12288:oXe9PPlowWX0t6mOQwg1Qd15CcYk0We1nF0uxjFhHgoYokcXkfT4/9c:lhloDX0XOf4vYpc+Gy
Score

10^/10

xloader rvoe discovery loader rat upx
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

AutoIT Executable

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2