xloader

General

Target

caef43005c868d12fe0145b5929c932c22f06866aef736540129f3c9ff47bcfc
Size

1.2MB
Sample

220824-e1fl7sgbbj
MD5

b28c7d466bb92df3cf8c455330973f6e
SHA1

1489a2f8bfb744f1500fca77b495238702fd888e
SHA256

caef43005c868d12fe0145b5929c932c22f06866aef736540129f3c9ff47bcfc
SHA512

4ad923f03e70e53cc126b9b5ac6f59376d2df0af72c18cd5728279cb0cb6959e272a557ce6609ac8d372fdf282dc7ba1e46c053112aa27cb1bce08ced18de362
SSDEEP

24576:fLMUn/7VqetUSMQksVP1M2iJUaYHxxT5VNKktFeaVEU7WBlFTUYf:jBNU5QpJ0WR5NKkP3ynn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

vweq

Decoy

liharyo.store

irts-byscioteq.com

364665.com

doorknob.xyz

flowerempire.online

wintec-beratung.com

samadidentalclinics.com

rachelallencounseling.com

luprs.online

dcyshopingit.website

dadagaga.group

modayunpocomas.com

yishanone.com

zaqqerr.com

mojavestack.com

investors-field.com

villanewinsxr.com

sdlanyutu.com

inno-link.tech

shuangyingmaoyi.com

Targets

- Target
  
  報價請求_RFQ392.exe
- Size
  
  2.0MB
- MD5
  
  fa6e9bca0542cf130243d2f4c1506856
- SHA1
  
  65fb359ae215690f661923df888d2386dc84fc70
- SHA256
  
  c34d90cc87cc702b5f77575122abf12e206c5ce63afc649eba6a31b21075da36
- SHA512
  
  ac54b6e488f1d079a38a76de2f66fabb597fc028892f73fbeadf01ee1849ae820b46edd536f61990dcb4b467d24d035216030d2767a6fb417b778985214357da
- SSDEEP
  
  24576:kwY6C9Uv4vtlINB80lK2qKGXqAQJ7MUSR2yL4YcKbhV/tLAykxWw+/4t+k:CttlIL80lthAWMLhp4
Score

10^/10

xloader vweq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2