xloader

General

Target

JaffaCakes118_9e42cf7fc9f74a5520a5d5640e2d1b71
Size

417KB
Sample

250108-n7p9na1ndr
MD5

9e42cf7fc9f74a5520a5d5640e2d1b71
SHA1

98d464c85d8aa551a323e4eb7ee406b475abbeb3
SHA256

96b43f3ffc75b8b79f4e3b4bd5504123cd6005c0158321defe7d534e345a29d5
SHA512

12701b29cf82f82411a7898959ddb1922585c4d4a532ecd50fecb8c3651065705c460c477e8d461eea7e66a9cff4d5fe286077bba591b72003d9b96c04e06cd1
SSDEEP

6144:HuBpZ/BHaTfvTP3PrhHsTBVIjkjq9//HmJei88/gVsEAQGJqpOBhuhxu8r26yIb:0ZSvTPVHu0L5Qh/gVsEmBhuhxu8rF

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cda8

Decoy

ajiwechouf.com

chesterkturner.store

tanxiaoyouhongru.space

indiacbc.com

coricanteen.com

supports-teams.com

triandreas.com

fyonkaly.com

m-bald-lab.com

frankserranolaw.com

testedeployheroku.club

wasildelivery.com

stonebyparamount.com

mehmetmercan.com

digitalmarketingyou.com

luxuryrelocationrentals.com

xn--e1aqdnq.store

scw-group.com

onelovemarketingsolution.com

diygardenlife.com

Targets

- Target
  
  JaffaCakes118_9e42cf7fc9f74a5520a5d5640e2d1b71
- Size
  
  417KB
- MD5
  
  9e42cf7fc9f74a5520a5d5640e2d1b71
- SHA1
  
  98d464c85d8aa551a323e4eb7ee406b475abbeb3
- SHA256
  
  96b43f3ffc75b8b79f4e3b4bd5504123cd6005c0158321defe7d534e345a29d5
- SHA512
  
  12701b29cf82f82411a7898959ddb1922585c4d4a532ecd50fecb8c3651065705c460c477e8d461eea7e66a9cff4d5fe286077bba591b72003d9b96c04e06cd1
- SSDEEP
  
  6144:HuBpZ/BHaTfvTP3PrhHsTBVIjkjq9//HmJei88/gVsEAQGJqpOBhuhxu8r26yIb:0ZSvTPVHu0L5Qh/gVsEmBhuhxu8rF
Score

10^/10

xloader cda8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2