xloader

General

Target

JaffaCakes118_08ae4dd275718d077172abb99be15464
Size

334KB
Sample

250106-crmcaaspet
MD5

08ae4dd275718d077172abb99be15464
SHA1

cf99068f0ea4acafc515fbe334a71e62401ac757
SHA256

7716fec715a46b0eb4518d53703b0fc2186e6a473a876de7aee9155ec289f93a
SHA512

6fca40792388c3047701dd1a24854b420aaba8fb194dee35b58cecdaf57a65f6f843b77fe4ce1d89aee8cfd553d516afd76cefbc1b96349d3890015f191d1d42
SSDEEP

6144:VBlL/kE286EZd6JrL/TMo1HjvHuFgDJI8mpVObrdtGf7Ypk0TwjenBRN:D6E2864eM7YI8frdtGfEpkOwjkT

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u3ja

Decoy

emiratescomm.net

whattodotenerife.com

bspq-jlcd.com

torobesttanker.info

projectcentered.com

agglog.com

francesbypoppy.com

lakenormanpilates.net

chaseatms.com

bendarlingart.com

blogjust.xyz

wodeluzhou.com

p6ynwcxrxetb.biz

servpix.com

eddysearthmoving.com

rvafootcarenurses.com

contessa.store

jasonconcerttickets.com

umldbe.xyz

noroesteremotos.online

Targets

- Target
  
  JaffaCakes118_08ae4dd275718d077172abb99be15464
- Size
  
  334KB
- MD5
  
  08ae4dd275718d077172abb99be15464
- SHA1
  
  cf99068f0ea4acafc515fbe334a71e62401ac757
- SHA256
  
  7716fec715a46b0eb4518d53703b0fc2186e6a473a876de7aee9155ec289f93a
- SHA512
  
  6fca40792388c3047701dd1a24854b420aaba8fb194dee35b58cecdaf57a65f6f843b77fe4ce1d89aee8cfd553d516afd76cefbc1b96349d3890015f191d1d42
- SSDEEP
  
  6144:VBlL/kE286EZd6JrL/TMo1HjvHuFgDJI8mpVObrdtGf7Ypk0TwjenBRN:D6E2864eM7YI8frdtGfEpkOwjkT
Score

10^/10

xloader u3ja discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/hibvy.dll
- Size
  
  47KB
- MD5
  
  9381e2c18571e30359ade2d7f7b4c924
- SHA1
  
  e461e74f442f2539b9a6064b078f4bcc51829bdf
- SHA256
  
  ca8b8880222f1ebd8b4840c22b429a680fe93957effc1bc02817322229713f68
- SHA512
  
  21ca9702c8c3d04aeea5f0e8799503295883b02c26eb8f21f9eee8b07d1c67280be8d08e9c6f24c883ed6cef61bbd4c21bb9c0ceba4adefa57e77bb350ed9c52
- SSDEEP
  
  768:y975Ow3AxjNV1Qv0Sl3cHle0vzdKNnhx9YfVoltso9rxKGSQd9qKOb:y977mjNV100gWemz4dhTYfVoltso9rxO
Score

10^/10

xloader u3ja discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4