xloader

General

Target

7652589d63abfff7dbd1e646b7c3d9ff0840ff5c6c9bf3fbb303189031942421
Size

966KB
Sample

230129-y4t4jsbh79
MD5

c0333ad2c54dbeaa683f72272f7cdb9e
SHA1

6b83bdd574eec43323edbe989f631bbe995f4e03
SHA256

7652589d63abfff7dbd1e646b7c3d9ff0840ff5c6c9bf3fbb303189031942421
SHA512

02b6cca699f30c0f049f572150a5ebc1361ed020cd0aa9884d2e87ac90a2d362a5aed04e1a687d30a43fbf34754b14f56e999f39b60da7155f62f828e4004fe0
SSDEEP

12288:ApRCK127BZddxiQZxXapnl/DAr52S1rKgU19Mx+TYW/l0RLq2W3/T:ADCNR8DXScgU19MxbW/GEPT

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ur06

Decoy

philippebrooksdesign.com

cmoorestudio.com

profille-sarina23tammara.club

dqulxe.com

uiffinger.com

nolarapper.com

maconanimalexterminator.com

bisovka.com

loveisloveent.com

datication.com

spxo66.com

drhelpnow.com

ladybug-cle.com

macocome.com

thepoppysocks.com

eldritchparadox.com

mercadolibre.company

ismartfarm.com

kansascarlot.com

kevinld.com

Targets

- Target
  
  7652589d63abfff7dbd1e646b7c3d9ff0840ff5c6c9bf3fbb303189031942421
- Size
  
  966KB
- MD5
  
  c0333ad2c54dbeaa683f72272f7cdb9e
- SHA1
  
  6b83bdd574eec43323edbe989f631bbe995f4e03
- SHA256
  
  7652589d63abfff7dbd1e646b7c3d9ff0840ff5c6c9bf3fbb303189031942421
- SHA512
  
  02b6cca699f30c0f049f572150a5ebc1361ed020cd0aa9884d2e87ac90a2d362a5aed04e1a687d30a43fbf34754b14f56e999f39b60da7155f62f828e4004fe0
- SSDEEP
  
  12288:ApRCK127BZddxiQZxXapnl/DAr52S1rKgU19Mx+TYW/l0RLq2W3/T:ADCNR8DXScgU19MxbW/GEPT
Score

10^/10

xloader ur06 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2