xloader

General

Target

JaffaCakes118_65742020a34915e204448afb33bd0e2e
Size

401KB
Sample

250102-qsqb8awpar
MD5

65742020a34915e204448afb33bd0e2e
SHA1

c21c726683fe4469870de2696eec8b824cef965c
SHA256

e25be2c8b81539da9105c5bb4243ed37a8ded3cd6a1d15e2afec79418ebcfe85
SHA512

b95bdea2f744b15c9e27a55c8e3124af94b8d6f51aa08767b39ba47f323fd3c8bb25e5eb9bfd14e2c48d4d2870ff9aff2cdb2a46bf58eb5b880699243c22b982
SSDEEP

6144:6NPTWnndzk2VJuoEESdgruWAXvP/s81Khr2bCn6qkxuKY:6ZWnnR7JuoEES6aWA/Ihqboz

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yjqn

Decoy

ittybittybunnies.com

flordedesierto.com

cum.care

petshomespace.com

verputzarbeit.com

yuvajanmat.com

getlie.com

finanes.xyz

thelazyrando.com

domelite.design

yukinko-takasu.com

pontosmensal.com

maurlinoconstruction.com

getelectronow.com

newmexicocarwrecklawfirm.com

gunnbucks.com

ncsy30.xyz

opsem.info

authorisewallet.com

scchanghe.com

Targets

- Target
  
  JaffaCakes118_65742020a34915e204448afb33bd0e2e
- Size
  
  401KB
- MD5
  
  65742020a34915e204448afb33bd0e2e
- SHA1
  
  c21c726683fe4469870de2696eec8b824cef965c
- SHA256
  
  e25be2c8b81539da9105c5bb4243ed37a8ded3cd6a1d15e2afec79418ebcfe85
- SHA512
  
  b95bdea2f744b15c9e27a55c8e3124af94b8d6f51aa08767b39ba47f323fd3c8bb25e5eb9bfd14e2c48d4d2870ff9aff2cdb2a46bf58eb5b880699243c22b982
- SSDEEP
  
  6144:6NPTWnndzk2VJuoEESdgruWAXvP/s81Khr2bCn6qkxuKY:6ZWnnR7JuoEES6aWA/Ihqboz
Score

10^/10

xloader yjqn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2