xloader

General

Target

JaffaCakes118_93593989c0bf9dd07f10428708ae5e0c
Size

493KB
Sample

250108-je8hbasmen
MD5

93593989c0bf9dd07f10428708ae5e0c
SHA1

a31973ef0dd9245bed87735455f0c80fef0b58eb
SHA256

7723b67e715aa24be6507ffeb2e964d46e20c6e3cfc687d31ddc02a651208eaa
SHA512

f0c907210428ced03bb2c1b4bc005bb776487df684b571ee87658680b78456e9c86999257fb577b0adeaae46b649d8c3598ebd026d7c7e941ca016b0f36afc8e
SSDEEP

6144:TGxhLlpnIZEvncNe/eUMX5wDgllnaAd8FU0Cu5koEkGAZEd7R1Ruw4qNDfbJ5B:StyKV/eUMX60ZRaU0Cako60qVKwDf/B

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g53s

Decoy

kosnac.com

tujaso.com

handmadealtrimenti.com

txclaimsguy.com

newonedrivedocc.com

11t.xyz

shawnliang.tech

worldigger.com

lesgitar.online

winlanddepot.xyz

mofangxx.store

8ls-world.com

localrelics.com

piccadeliquickup.com

rhinogroup.online

hxrhorend.quest

avtfitness.com

oakabbey.net

presox.com

bluegreendi.com

Targets

- Target
  
  JaffaCakes118_93593989c0bf9dd07f10428708ae5e0c
- Size
  
  493KB
- MD5
  
  93593989c0bf9dd07f10428708ae5e0c
- SHA1
  
  a31973ef0dd9245bed87735455f0c80fef0b58eb
- SHA256
  
  7723b67e715aa24be6507ffeb2e964d46e20c6e3cfc687d31ddc02a651208eaa
- SHA512
  
  f0c907210428ced03bb2c1b4bc005bb776487df684b571ee87658680b78456e9c86999257fb577b0adeaae46b649d8c3598ebd026d7c7e941ca016b0f36afc8e
- SSDEEP
  
  6144:TGxhLlpnIZEvncNe/eUMX5wDgllnaAd8FU0Cu5koEkGAZEd7R1Ruw4qNDfbJ5B:StyKV/eUMX60ZRaU0Cako60qVKwDf/B
Score

10^/10

xloader g53s discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2