xloader

General

Target

JaffaCakes118_cadf879ded4e6a753d7b172b77bce50d
Size

253KB
Sample

250109-r5kg6sslg1
MD5

cadf879ded4e6a753d7b172b77bce50d
SHA1

ab4f8431c170d75040d8b2984f5e7eadeeeedab9
SHA256

18e91cbaa2d04fa969e97e947ccd011d494f68eb6375b067f0342a7765fb3119
SHA512

c685444886b555978228cd2fb47b0725b25443b8fcd19be70f804a5bf433ebc9a35291ea33edf6fcc9030fcd26a89009a3b223c39432a001842494b20bf5f5d7
SSDEEP

6144:wBlL/chMcQPqiO39fzYQZAuA+7Fzn611zg46LxEggx:CehMcQStt0cAu57pw1zlYxEPx

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

d6pu

Decoy

ifixcreditatl.com

productgeekout.com

electricvehicle-insurance.com

kuiper.business

cloudenglabs.com

gorbepari.com

collecthappy.com

amykrussell.store

clubhousebusinesscourse.com

aplussinifiklima.com

slewis.design

atticwitt.com

galenota.com

griphook.xyz

gsjbd1.club

bootystrapfitness.com

emflawrhks.com

alternativedata.investments

eyehealthtnpasumo3.xyz

naturanzaec.com

Targets

- Target
  
  JaffaCakes118_cadf879ded4e6a753d7b172b77bce50d
- Size
  
  253KB
- MD5
  
  cadf879ded4e6a753d7b172b77bce50d
- SHA1
  
  ab4f8431c170d75040d8b2984f5e7eadeeeedab9
- SHA256
  
  18e91cbaa2d04fa969e97e947ccd011d494f68eb6375b067f0342a7765fb3119
- SHA512
  
  c685444886b555978228cd2fb47b0725b25443b8fcd19be70f804a5bf433ebc9a35291ea33edf6fcc9030fcd26a89009a3b223c39432a001842494b20bf5f5d7
- SSDEEP
  
  6144:wBlL/chMcQPqiO39fzYQZAuA+7Fzn611zg46LxEggx:CehMcQStt0cAu57pw1zlYxEPx
Score

10^/10

xloader d6pu discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/zntsolrgxs.dll
- Size
  
  38KB
- MD5
  
  fe76b0ef249aebd98f82d6437721c047
- SHA1
  
  b1d40595e05da9c6f8627885b36177d4ecd54f21
- SHA256
  
  39724fa50de7a8937dec84a3f00fe23c9dea895d312bdce8133db18f15ee1a81
- SHA512
  
  abff3bc26f23c3c864bca8bb4ef1191278bb88bf5d604db949a822fc98525bcecdc21acceffbca1aae5557c8a13e9e15092837bc1c16b3ec2d03c6b3fc8fd725
- SSDEEP
  
  384:429M1kCo19eJhv2BqFKrtR1836QF0q5knzxRCT+7BoY3Vq5b1520IVXOFCfl:4rQ19eJhDFKJ7arF0gkpoY3w5baVMA
Score

10^/10

xloader d6pu discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Loads dropped DLL

Suspicious use of SetThreadContext

Xloader

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4