xloader

General

Target

0b0d8df4742469c74d327bdae0f3490f_JaffaCakes118
Size

922KB
Sample

240624-2ps5gswcqd
MD5

0b0d8df4742469c74d327bdae0f3490f
SHA1

808e2879bddd5ba17b5397a25281820edceae745
SHA256

6acad13221b8e15e7d5bcd3f3705c8da7751550bc6e6bf42fc23d17d0eda1a50
SHA512

b55198c32af5fd16d06fe024eb896df1d79d7d0edacc49834a5c0afb0c344434b3d9666acc4215d40bfe6f71bf85bee434e6f3deda7c9d67a1a69b3a05ed4305
SSDEEP

3072:BBkfJpRXATwMdFCct+bYGTHbzgxXCXBMz8sfUKVIbzqMmLNer0ABJEREhwBCkXx1:BqjIQYGzghO3Ol68LMJQLHhTbt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

9bwn

Decoy

italiancoastal.com

shareandfit.com

ibexacademia.com

guejek.com

vitalbizdev.com

connemaracomputers.com

surf-livre.com

styleforwoman.com

costcopaysecure.com

kingdomandqueendom.com

www-societegenerale.com

radiokerbfm.com

marylandstars.net

thechampionsday.com

beertenderb95.com

iybbshop.com

maglex.info

vh3g.asia

zaairobot.online

ryderhydros.com

Targets

- Target
  
  Consignment Document PL&BL Draft.exe
- Size
  
  330KB
- MD5
  
  0b1f9847d93445c91cdfe0c2dd6785c7
- SHA1
  
  198b30e2b098300ec51e2e7029ababff142a5e09
- SHA256
  
  e92125c96b4bee95fd7b70d867271510071f812699733de75dd5e64636030314
- SHA512
  
  1adaa0879bd697ba972fabe8c5407bbf8bf16ea6b55cfbdffd42128174d9f1d8ebe1444a927d0b2ae376563d927467599dfe4e254b096e0f55a5b810ff46fcc1
- SSDEEP
  
  3072:NBkfJpRXATwMdFCct+bYGTHbzgxXCXBMz8sfUKVIbzqMmLNer0ABJEREhwBCkXx1:NqjIQYGzghO3Ol68LMJQLHhTbt
Score

10^/10

xloader 9bwn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10
behavioral3 behavioral4
- Target
  
  yrcvb.dll
- Size
  
  11KB
- MD5
  
  8d80a618809cc8ce5970b0839f0e2b5a
- SHA1
  
  34af09ca5aa646debe4d2bd06fd5b3c3b7a43b09
- SHA256
  
  f4163107f632e0b431c38652eb297733f4f01d37576100673a47370da9221159
- SHA512
  
  21bfab7002044c7b33d99de355b49357ae5c45c8781ae080a906c091621ab55e39444e3ecfe04345022ab214dd50f38df0387a3386e0442312cc614bc8b397bf
- SSDEEP
  
  192:s6/In3h0bUe1nJBmKESoXIIbzuStOiKazVWGUwkcU:s6ax0B1nJBbxojuStORazsV
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6