xloader

General

Target

JaffaCakes118_92263c20dbc47c2039e4bfd8507dc9e8a30ac61f99107727ee13b0d398a45da0
Size

356KB
Sample

241230-w7kceasrcp
MD5

1e1b2c40196d7ece76687fc3e27a779c
SHA1

49e92489d1f3440296fc893932fb673c8f8a058c
SHA256

92263c20dbc47c2039e4bfd8507dc9e8a30ac61f99107727ee13b0d398a45da0
SHA512

2f048b6ac9a2a1b07b3438bb70125e85e5e6647c85e1b479bce79a46d02b6ceae20dd34340743076d901bef89ae0b0d1b88b3895a1bd0587fa2c7c318b40e2d3
SSDEEP

6144:mzmNP2tpnQ/OksU3ke0LGyXf/U13nmtxihsIQhZCJO+f11f8NwVrg:ZCp+OzQU/UpmtxsQroPNpG

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

oeir

Decoy

blueryu.net

cindyfernanda.com

eparchys.info

suzettebrissettcreatives.com

lifesuccesspros.com

vasprovider.online

thedencannabis.info

superfashionkitty.com

yhhj66.top

plfashiongroup.online

pandemicky.xyz

glendorahc.com

2-3xevent.pro

ig-canlidestek.com

svavw.online

cadforcpq.com

my-happinessgoals.com

iledulahaut.com

ycvibecheck.com

minmarket.online

Targets

- Target
  
  2a54f922d3496201e6a737344cbf6cac0c1803a59cf4ce3111c831c32e1ce863
- Size
  
  519KB
- MD5
  
  b5cca9a0d4517e73fa2bb17c9f77f164
- SHA1
  
  5c654175925084aa0440be0fc54fe81fc52b4c38
- SHA256
  
  2a54f922d3496201e6a737344cbf6cac0c1803a59cf4ce3111c831c32e1ce863
- SHA512
  
  537bcae22b77c5b2b6b650e4a7437cc5c5a5a3635e98b0f8053c62026d312c0d0208aa923d75cd2b19151adc1773e980d88634d2afada560d29ca3ae529f0bdb
- SSDEEP
  
  12288:xkKkRwmjQt+TPbV7G/2Q3Aaz6ZTleAlRH5i:xkKkRwmjQ4TPb3uA00leAD5
Score

10^/10

discovery xloader oeir loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2