xloader

General

Target

JaffaCakes118_c0e07faebfd4b0977ac802e3bc73958a
Size

425KB
Sample

250109-gx4kzatmak
MD5

c0e07faebfd4b0977ac802e3bc73958a
SHA1

0277d0bc9bc70b7b013adb9e7500dd0cbd0b863e
SHA256

506458aaeef61f70cf73da3d71d5452cd859cfd9fbcc7cf515d27265ace2421d
SHA512

7ce148455e4a6152ac5ede04e595cafcb5e9363efc0d79552726a34fc1b7b595028758774d4358f581ec12a1a0a8823e5aa2dcc226a20763d32f17c95d6aa752
SSDEEP

6144:i6Uqd2GhNOQVwKtCcaEyfM2Q4NmbBggh13Rtm1DnMaKvzmr3:fUi2iNOQVlVPOTpqBtUDnMamQ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest

Targets

- Target
  
  JaffaCakes118_c0e07faebfd4b0977ac802e3bc73958a
- Size
  
  425KB
- MD5
  
  c0e07faebfd4b0977ac802e3bc73958a
- SHA1
  
  0277d0bc9bc70b7b013adb9e7500dd0cbd0b863e
- SHA256
  
  506458aaeef61f70cf73da3d71d5452cd859cfd9fbcc7cf515d27265ace2421d
- SHA512
  
  7ce148455e4a6152ac5ede04e595cafcb5e9363efc0d79552726a34fc1b7b595028758774d4358f581ec12a1a0a8823e5aa2dcc226a20763d32f17c95d6aa752
- SSDEEP
  
  6144:i6Uqd2GhNOQVwKtCcaEyfM2Q4NmbBggh13Rtm1DnMaKvzmr3:fUi2iNOQVlVPOTpqBtUDnMamQ
Score

10^/10

xloader euzn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2