xloader

General

Target

JaffaCakes118_29e7355c628a7a78b16352716e91478e
Size

382KB
Sample

241231-vg12ssslhq
MD5

29e7355c628a7a78b16352716e91478e
SHA1

d0df5f3c5ee365066bd33bedf21da2ea2648ea80
SHA256

88bb9d0ecb52c0d5a024287caa7bdf03502ed536728988e6af7290399c873cb4
SHA512

70138973df0675cb7a6323e0bbf9387edaa129df084c7a562cd6da4adebb8dc552d33c69e2367b36397e7961051da6cc434ac5bf35d17cbfb1592386297fbfc5
SSDEEP

6144:NglMHyakSXOssSlPJwHq5N1/th1qCr+nVqXPovMtkGyMLgFLz+ycl1banWtx4kW:NgyZZlkq5NHhgDnkXVpLaX+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u4an

Decoy

charlottesbestroofcompany.com

gxzcgl.com

easyprints.xyz

hitmanautomation.com

play-to-escape.com

beansmagic.com

lianxiwan.xyz

nuhive.net

whystake.com

n6h65.online

emergencyprep4cast.com

peolinks.com

8ls-world.com

tezportal.net

trych.net

bathrobeconnection.com

quinnwebster.top

sagarmakhija.online

ladiesgossiping.com

400doultonct.com

Targets

- Target
  
  JaffaCakes118_29e7355c628a7a78b16352716e91478e
- Size
  
  382KB
- MD5
  
  29e7355c628a7a78b16352716e91478e
- SHA1
  
  d0df5f3c5ee365066bd33bedf21da2ea2648ea80
- SHA256
  
  88bb9d0ecb52c0d5a024287caa7bdf03502ed536728988e6af7290399c873cb4
- SHA512
  
  70138973df0675cb7a6323e0bbf9387edaa129df084c7a562cd6da4adebb8dc552d33c69e2367b36397e7961051da6cc434ac5bf35d17cbfb1592386297fbfc5
- SSDEEP
  
  6144:NglMHyakSXOssSlPJwHq5N1/th1qCr+nVqXPovMtkGyMLgFLz+ycl1banWtx4kW:NgyZZlkq5NHhgDnkXVpLaX+
Score

10^/10

xloader u4an discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2