xloader

General

Target

SecuriteInfo.com.Trojan.GenericKD.61638470.5680.17006.exe
Size

490KB
Sample

220901-czp35sghb6
MD5

d310668e05d5cd2b883c7635b8478ac3
SHA1

ffe307ef53f4fc5f0d32309dd4193273dae58bdc
SHA256

770aee06bb2c48271eaaa6af3d44ac3c590f1a372007d1c92591ae65c053e682
SHA512

fd1275cbba17c27496a5e395699b7fea0e3478631613d861d16f68e3bc1e16d5ed3fc158af62f61a072a964cbd372885baaf518ae455c5c9614e9cee639f2198
SSDEEP

12288:DX942IWQ20shxEXFktUQDNGkkkkkkkkkkBWC/ZX6:L9lBhheVktUQDJ9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

zgtb

Decoy

gabriellep.com

honghe4.xyz

anisaofrendas.com

happy-tile.com

thesulkies.com

international-ipo.com

tazeco.info

hhhzzz.xyz

vrmonster.xyz

theearthresidencia.com

sportape.xyz

elshadaibaterias.com

koredeiihibi.com

taxtaa.com

globalcityb.com

fxivcama.com

dagsmith.com

elmar-bhp.com

peakice.net

jhcdjewelry.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKD.61638470.5680.17006.exe
- Size
  
  490KB
- MD5
  
  d310668e05d5cd2b883c7635b8478ac3
- SHA1
  
  ffe307ef53f4fc5f0d32309dd4193273dae58bdc
- SHA256
  
  770aee06bb2c48271eaaa6af3d44ac3c590f1a372007d1c92591ae65c053e682
- SHA512
  
  fd1275cbba17c27496a5e395699b7fea0e3478631613d861d16f68e3bc1e16d5ed3fc158af62f61a072a964cbd372885baaf518ae455c5c9614e9cee639f2198
- SSDEEP
  
  12288:DX942IWQ20shxEXFktUQDNGkkkkkkkkkkBWC/ZX6:L9lBhheVktUQDJ9
Score

10^/10

xloader zgtb loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2