xloader

General

Target

e3cafecde4e7f884fb0a05a85dd018458e8751e0ab131217eafb8bba38750e44
Size

237KB
Sample

230129-1c92ssfa3x
MD5

82c86dbc4be9873c9d7f773c371d5a3c
SHA1

d051bd168855c25999de5d13688bfd62bcf58098
SHA256

e3cafecde4e7f884fb0a05a85dd018458e8751e0ab131217eafb8bba38750e44
SHA512

3dc86335e60719f19b5ee0ee57caa48e2ead7e26a06667f0292ae73a53e46d7fdec222636b7a2370f292fd00e2e9e9a04d0518ce8d7b0153e45ab43ba3bd1332
SSDEEP

6144:AsJeHC202Fx/8DbGbppIQawYy+NvpkwBYDktba181t:HeHX0YabCppZ73+NKwBQktba181t

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m3de

Decoy

ad-unity.com

republicans2032.com

blackculturewriters.com

wallnewphoto.com

etripideas.com

solarphlare.com

consultoranexo.com

hayasalon.com

pillowcasefactory.club

service-manbzcsexer.com

medicinerx.today

oliviarescigno.com

tomcruise.club

tetsim.com

atonalai.net

malcomsons.com

straitskids.com

luca-cci.com

pero.financial

wowbdshop.com

Targets

- Target
  
  e3cafecde4e7f884fb0a05a85dd018458e8751e0ab131217eafb8bba38750e44
- Size
  
  237KB
- MD5
  
  82c86dbc4be9873c9d7f773c371d5a3c
- SHA1
  
  d051bd168855c25999de5d13688bfd62bcf58098
- SHA256
  
  e3cafecde4e7f884fb0a05a85dd018458e8751e0ab131217eafb8bba38750e44
- SHA512
  
  3dc86335e60719f19b5ee0ee57caa48e2ead7e26a06667f0292ae73a53e46d7fdec222636b7a2370f292fd00e2e9e9a04d0518ce8d7b0153e45ab43ba3bd1332
- SSDEEP
  
  6144:AsJeHC202Fx/8DbGbppIQawYy+NvpkwBYDktba181t:HeHX0YabCppZ73+NKwBQktba181t
Score

10^/10

xloader m3de loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2