xloader

General

Target

086bcd47c9a569afd16d8b8879a163949453443226f1630cba466cafed77acaa
Size

237KB
Sample

230129-1e2s7sdf26
MD5

2455a617024d49ae68c435985d7dbf9b
SHA1

856d528bf21a7f9b6f20813a9a333797f9c13922
SHA256

086bcd47c9a569afd16d8b8879a163949453443226f1630cba466cafed77acaa
SHA512

baecf84889f4a68ca1bcd1210161e183a93b21bb43088de9c4e93d89747922f1ab10d0b06b98115b41f38b1de4692efed86e62447b8398fd8fee791ddaa4e608
SSDEEP

6144:pZP85RoqMMk5AM6r6wKn5kXWkn2zXXtHD84NzHv7CdNc3KR7Dtn+IU3:pEQvSm5xkcHGgzONc3KR7Dtn+IU3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

idir

Decoy

c-creator.com

freeladoc.com

toluar.com

pathwaysnorman.com

saveme.xyz

espadanabours.com

turnthathitup.net

markdfoto.com

thebeverlywoodweekly.com

truonglocphat.com

fullyphantom.life

snippopotamus.com

snakby.com

atualizaaideia.com

zotbxtaxon.xyz

hombresalfa.com

veterinaryneurologue.com

thesynapsextinfo.com

elroyalebet10.xyz

supperbazaars.com

Targets

- Target
  
  086bcd47c9a569afd16d8b8879a163949453443226f1630cba466cafed77acaa
- Size
  
  237KB
- MD5
  
  2455a617024d49ae68c435985d7dbf9b
- SHA1
  
  856d528bf21a7f9b6f20813a9a333797f9c13922
- SHA256
  
  086bcd47c9a569afd16d8b8879a163949453443226f1630cba466cafed77acaa
- SHA512
  
  baecf84889f4a68ca1bcd1210161e183a93b21bb43088de9c4e93d89747922f1ab10d0b06b98115b41f38b1de4692efed86e62447b8398fd8fee791ddaa4e608
- SSDEEP
  
  6144:pZP85RoqMMk5AM6r6wKn5kXWkn2zXXtHD84NzHv7CdNc3KR7Dtn+IU3:pEQvSm5xkcHGgzONc3KR7Dtn+IU3
Score

10^/10

xloader idir loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2