xloader

General

Target

JaffaCakes118_4c7822c2e24f0f87c644ef855ed20144
Size

413KB
Sample

250107-emr33stkd1
MD5

4c7822c2e24f0f87c644ef855ed20144
SHA1

7eba145e4ea7918332908cd4323eeb58829e8c9c
SHA256

5f5920df4b83a66723d5c807e410dd7aa4f8ffde2579c9fd0d2f2dc12d5643b2
SHA512

da98a22a9386e81ba5a372edf6c007168a9eb67c21f29ccb637067f2dc952499b23120f763e901063f0c30a50208c8ae69f28f32248c9be69a1be48b2bb7c5d3
SSDEEP

6144:OxhL63B/L5gv2/Lx6o2llJev9EuUmCB59TJV5Zo9dQVVze:OxhLMFGRS9EyCBvJVH82VN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rca2

Decoy

bapzcosmetics.com

skillsgage.com

mingshiweiye.com

dcc-compliance.com

emprenbook.com

firn.site

haryanaricemil.com

fleetwoodfoods.com

jlnxhbkj.com

surajsanyal.com

jubakey.com

auroraunitedshippingco.com

propolis-surabaya.com

vasinvestments.com

breederschallenge.com

tafcoo.com

417motoringparts.com

livemis.com

drainassist.com

kristenguestart.com

Targets

- Target
  
  JaffaCakes118_4c7822c2e24f0f87c644ef855ed20144
- Size
  
  413KB
- MD5
  
  4c7822c2e24f0f87c644ef855ed20144
- SHA1
  
  7eba145e4ea7918332908cd4323eeb58829e8c9c
- SHA256
  
  5f5920df4b83a66723d5c807e410dd7aa4f8ffde2579c9fd0d2f2dc12d5643b2
- SHA512
  
  da98a22a9386e81ba5a372edf6c007168a9eb67c21f29ccb637067f2dc952499b23120f763e901063f0c30a50208c8ae69f28f32248c9be69a1be48b2bb7c5d3
- SSDEEP
  
  6144:OxhL63B/L5gv2/Lx6o2llJev9EuUmCB59TJV5Zo9dQVVze:OxhLMFGRS9EyCBvJVH82VN
Score

10^/10

xloader rca2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2