xloader

General

Target

JaffaCakes118_853ef1dd6f3f39f1cb4730d5b4c92788
Size

481KB
Sample

250105-cs6gjsxrgw
MD5

853ef1dd6f3f39f1cb4730d5b4c92788
SHA1

d21e15ce6e8792f4f643601d1ad1173c87e882be
SHA256

03bef4cce37594b14884c28536f8247413f51286388528e6f0c6c6de27106cde
SHA512

d5f17a2c0d920a843e21a60598080b801acbe966226debd25016651192853c38ca8091a620d328d0c48de31139136a2327cb1fbb9f12821c079e834120b4a50e
SSDEEP

12288:M1nTXR0DY3UKZ9nBkOCOaw30ChpYzVEfFn+rzh1TqvX9slNVH9f3gWo84y626L/T:cnzjqo3j

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g2pg

Decoy

xzq151516.net

ijournaltnpasumo5.xyz

hoclconsultantions.com

orcasdefense.com

businessvalues.online

popkidscollection.com

xn--sargelinemlak-59b.com

filmschool.asia

yalding.com

az-property-solutions.com

dnahotcars.com

cunnters.com

rkmuscles.com

artshowespelhos.com

tagfat.online

kenganashura.net

ayelenpsicologa.com

hotelmipetate.com

etuwrestling.com

von-wehner.com

Targets

- Target
  
  JaffaCakes118_853ef1dd6f3f39f1cb4730d5b4c92788
- Size
  
  481KB
- MD5
  
  853ef1dd6f3f39f1cb4730d5b4c92788
- SHA1
  
  d21e15ce6e8792f4f643601d1ad1173c87e882be
- SHA256
  
  03bef4cce37594b14884c28536f8247413f51286388528e6f0c6c6de27106cde
- SHA512
  
  d5f17a2c0d920a843e21a60598080b801acbe966226debd25016651192853c38ca8091a620d328d0c48de31139136a2327cb1fbb9f12821c079e834120b4a50e
- SSDEEP
  
  12288:M1nTXR0DY3UKZ9nBkOCOaw30ChpYzVEfFn+rzh1TqvX9slNVH9f3gWo84y626L/T:cnzjqo3j
Score

10^/10

xloader g2pg discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2