xloader

General

Target

7d99e80800868b21d88a5ab1a7e16f8cffe36b93bf3bb2cc07653df1081160e8
Size

238KB
Sample

230129-1eadysfa61
MD5

657dcb74c5bfebed6d30ed78a8816911
SHA1

f5b90f489e737c68183505f786f9655a71547c0a
SHA256

7d99e80800868b21d88a5ab1a7e16f8cffe36b93bf3bb2cc07653df1081160e8
SHA512

c14b3f0beee603562b5f2f14430d53c99360110d515a4bf54c6d59a9c5e0f88d7b1510f01976377e04a0acf3e53e64ec5e09f5bc9dc0ed8d39c4dbc389df8c53
SSDEEP

6144:/rga6QGlwBVA35NW3g69+VQSL3FgwlfB2a:/r36H9Db69+P3FgwlfB2a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

seon

Decoy

preventionunited.com

keipy.com

kiezt.com

nocapsshows.com

qrayti.com

metodosinergico.com

illume313.com

petarsandmay.com

yangift.com

commercialrealestate.care

meteeor.net

block-rock.com

iwriteasnikki.com

kokomoexpresslaundry.com

nailinspirationsbypat.com

lancedawn.com

iprotectil.com

meuhomenegocio.com

wldl168.com

excelwins.com

Targets

- Target
  
  7d99e80800868b21d88a5ab1a7e16f8cffe36b93bf3bb2cc07653df1081160e8
- Size
  
  238KB
- MD5
  
  657dcb74c5bfebed6d30ed78a8816911
- SHA1
  
  f5b90f489e737c68183505f786f9655a71547c0a
- SHA256
  
  7d99e80800868b21d88a5ab1a7e16f8cffe36b93bf3bb2cc07653df1081160e8
- SHA512
  
  c14b3f0beee603562b5f2f14430d53c99360110d515a4bf54c6d59a9c5e0f88d7b1510f01976377e04a0acf3e53e64ec5e09f5bc9dc0ed8d39c4dbc389df8c53
- SSDEEP
  
  6144:/rga6QGlwBVA35NW3g69+VQSL3FgwlfB2a:/r36H9Db69+P3FgwlfB2a
Score

10^/10

xloader seon loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2