xloader

General

Target

JaffaCakes118_e2827700e9676ad0d4b734d5f4a221b3
Size

685KB
Sample

250110-m2rd4asmgz
MD5

e2827700e9676ad0d4b734d5f4a221b3
SHA1

2997b29050c7e44072f886705cbd4be6a3edda97
SHA256

a8ea6b5e7721a2d508d362f9e75fc38fe3b845375c358829ef0604cc2345aa13
SHA512

d16e61c88eb9c32fd1c74b4893fb08092bbca5ae17f4275eecd7bc2352dad0904e4dc603be4747e0a9460507187e2bad78a51ffc055cb9b2b7baebff550abbd2
SSDEEP

12288:FRZHIUoN4rfIpj+fvRwIyizYi98wUpAeeqRVTHOi5xNZEraoosn:F3oUoNe8Knnyij98wieqnt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

k8u7

Decoy

ly3389.com

biggergrip.com

guitarbadon.net

zbjiachuang.com

maaratechnology.com

perdiemsuites.com

israel-grahamcoates.com

blackbirdfarmette.com

klhobbies.com

locdinzone.com

bestinvest-4-you.com

howtofindbantingbalance.com

kairoslabs.online

hteaz.com

banjjakdesign.com

reworkgear.com

oklahomaexcavation.com

tenloe051.xyz

blockchainpress.info

panchotrucking.com

Targets

- Target
  
  JaffaCakes118_e2827700e9676ad0d4b734d5f4a221b3
- Size
  
  685KB
- MD5
  
  e2827700e9676ad0d4b734d5f4a221b3
- SHA1
  
  2997b29050c7e44072f886705cbd4be6a3edda97
- SHA256
  
  a8ea6b5e7721a2d508d362f9e75fc38fe3b845375c358829ef0604cc2345aa13
- SHA512
  
  d16e61c88eb9c32fd1c74b4893fb08092bbca5ae17f4275eecd7bc2352dad0904e4dc603be4747e0a9460507187e2bad78a51ffc055cb9b2b7baebff550abbd2
- SSDEEP
  
  12288:FRZHIUoN4rfIpj+fvRwIyizYi98wUpAeeqRVTHOi5xNZEraoosn:F3oUoNe8Knnyij98wieqnt
Score

10^/10

xloader k8u7 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2