xloader

General

Target

JaffaCakes118_6048d2cc24be326d2ede052bb52c19fa
Size

508KB
Sample

250101-yc13sazqfy
MD5

6048d2cc24be326d2ede052bb52c19fa
SHA1

7487e0fb9963efea59d55655679b77562b64c54b
SHA256

2115a61103609e2f05e93ad1f8a18a21ef5f9a718e765c7bd7fc91e2cf6ba619
SHA512

c2658fb9670de542543364fb0affe45046c5623e9271e09c89d21761749598df082404ba494b1f69c02df47aff339b237cc826ec9a3380176023d9e549a1c576
SSDEEP

12288:H9ALbkJzj+WT29ya1xUohYUsIXq0KaRegD5zE5KENGcm8Za:dO+zjX2sixqA7fegDxE5/Xm8Za

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

amb4

Decoy

ameerkabob.com

wenzhikeji.online

ktnsoil.xyz

dock7rods.com

simbaimmigration.com

tanahvilamalino.online

amaozn-co-jp.xyz

atahukukbafra.com

attruth.net

jigservices.net

310indianway.com

freelotto.online

mylanding-page.com

dudemealprep.com

wellmaintainedhealth.com

vitemonprenom.com

laurynfauntroy.com

pilotmom.info

arpatientsapp.com

sendangdigital.com

Targets

- Target
  
  czOxHskgIAQwZ8m.exe
- Size
  
  425KB
- MD5
  
  edb54a30972b862cfba8589bb1f67c7e
- SHA1
  
  7f3b9b36342bb863950e592063db38cd2c3f8bb9
- SHA256
  
  856b8775a8063900378a815cd03d0f9628c4296eddd93ac9e9cd52269178c079
- SHA512
  
  51f1e192a0f06472c5bf3da68e511d1112dd61a8a429aeb14c39e3d8e05b0448b5086d4367a2953b3dbbaa453faac63aa4319127aa9944e68334322cc6bc8f42
- SSDEEP
  
  12288:S0SrZ2vE4MtuTN6GLMX3a9sO81joauMuB3fj:Sf2vE9tuPgHa2O8hoauMuB
Score

10^/10

xloader amb4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2