xloader

General

Target

JaffaCakes118_a32e79dcad4c868bc10bfdeab338df0e
Size

393KB
Sample

250108-q7xd3svmbj
MD5

a32e79dcad4c868bc10bfdeab338df0e
SHA1

04857cca8fbe7bd42aa3d84ef3bcd33b3b30fcc5
SHA256

7c26ebe0a844a8d277ee28d1e854367424b74fbfc8a52273ed2fcf8c731cc1f0
SHA512

778a244de107fae2e715acf8cdd0bfed2664c0683bb4e22bf6fd60e3184892ac7f6e11f8ffd6c356de4fc25a76302f092716612d846cc1e312b88083a0e988c4
SSDEEP

6144:ZNaPPOCrbkw9IAThi+w0unsT/X1MKNQhRdPCXV3TOihY:ZNajrbkmBtiV0uFKCjdqXV3U

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n6be

Decoy

earth-service.net

travellucian.com

directregelen-nl-nl.icu

nnpec.com

limaslandscaping.com

solmep.info

ncnxjk.com

hegujoc.xyz

4-artists.net

wonderifthisworks.xyz

littlecreekacresri.com

theledgym.com

bmgassist.com

aidatimdenizimden.com

shozblog.com

compassionatecuddling.com

rockycellularllc.com

uberautos247.com

jedoethetzelf.online

6865321.com

Targets

- Target
  
  JaffaCakes118_a32e79dcad4c868bc10bfdeab338df0e
- Size
  
  393KB
- MD5
  
  a32e79dcad4c868bc10bfdeab338df0e
- SHA1
  
  04857cca8fbe7bd42aa3d84ef3bcd33b3b30fcc5
- SHA256
  
  7c26ebe0a844a8d277ee28d1e854367424b74fbfc8a52273ed2fcf8c731cc1f0
- SHA512
  
  778a244de107fae2e715acf8cdd0bfed2664c0683bb4e22bf6fd60e3184892ac7f6e11f8ffd6c356de4fc25a76302f092716612d846cc1e312b88083a0e988c4
- SSDEEP
  
  6144:ZNaPPOCrbkw9IAThi+w0unsT/X1MKNQhRdPCXV3TOihY:ZNajrbkmBtiV0uFKCjdqXV3U
Score

10^/10

xloader n6be discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2