xloader

General

Target

JaffaCakes118_204f9f355c396170f187ffc7091f2224
Size

509KB
Sample

250106-ncn34sxmbq
MD5

204f9f355c396170f187ffc7091f2224
SHA1

62d2f15b10a9173148fc979d233110dd2c2f5289
SHA256

abd8a353aae6c85dc61384478bdf6e7c8d273f55b8e424287a495022718f318a
SHA512

2b16af242075f35b958e0196875b8f6803454126f03ff0ce2d37afec72b401b657d42bf1414ee1e2554f44e28966e162bd0143adf4f6d3b2a7b1853cd68b5372
SSDEEP

6144:hGxhLyIIr7vfEMq2erzNAbDvlvvY5Q+Ug0ndtZdHfvywOmb1XjCLMHkUF:AKP/f7fer4DNvvYpz0n7ZYwOmZXjCL/

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cuig

Decoy

sofiathinks-elderly.net

lahamicoast.info

2shengman.com

cbsautoplex.com

arcana-candles.com

genrage.com

kukumiou.xyz

thequizerking.com

sonataproductions.com

rebuildgomnmf.xyz

ubcoin.store

yiyouxue.net

firstlifehome.com

mdx-inc.net

gotbn-c01.com

dinobrindes.store

jcm-iso.com

cliente-mais.com

mloujewelry.com

correoversoi.quest

Targets

- Target
  
  JaffaCakes118_204f9f355c396170f187ffc7091f2224
- Size
  
  509KB
- MD5
  
  204f9f355c396170f187ffc7091f2224
- SHA1
  
  62d2f15b10a9173148fc979d233110dd2c2f5289
- SHA256
  
  abd8a353aae6c85dc61384478bdf6e7c8d273f55b8e424287a495022718f318a
- SHA512
  
  2b16af242075f35b958e0196875b8f6803454126f03ff0ce2d37afec72b401b657d42bf1414ee1e2554f44e28966e162bd0143adf4f6d3b2a7b1853cd68b5372
- SSDEEP
  
  6144:hGxhLyIIr7vfEMq2erzNAbDvlvvY5Q+Ug0ndtZdHfvywOmb1XjCLMHkUF:AKP/f7fer4DNvvYpz0n7ZYwOmZXjCL/
Score

10^/10

xloader cuig discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2