xloader

General

Target

d48c6eda4d7da385d81986abfc9e091f3498cad3d29adf040eda851f28a10e1a
Size

847KB
Sample

230129-y8k2fade8s
MD5

0f15fde98b90284e0e85c2ffae134257
SHA1

1946df71ecb4ccac1dbf4ca156b48ec2557e67fe
SHA256

d48c6eda4d7da385d81986abfc9e091f3498cad3d29adf040eda851f28a10e1a
SHA512

a1522d7c4b0f3ff9e4392916fd46c2c372cb8fea54be9d82ca9cbabaa307fc432b905f8d3153885a4c9539dacab044c8554c392ab4f441bb58548720ce85e417
SSDEEP

12288:gY7fh9loCS6KxbxeDuVvFpIHOEuZXKiezfCEKsmKWQYMdP:gafhA96Kx46DpcOEuhKStsz

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ur06

Decoy

philippebrooksdesign.com

cmoorestudio.com

profille-sarina23tammara.club

dqulxe.com

uiffinger.com

nolarapper.com

maconanimalexterminator.com

bisovka.com

loveisloveent.com

datication.com

spxo66.com

drhelpnow.com

ladybug-cle.com

macocome.com

thepoppysocks.com

eldritchparadox.com

mercadolibre.company

ismartfarm.com

kansascarlot.com

kevinld.com

Targets

- Target
  
  d48c6eda4d7da385d81986abfc9e091f3498cad3d29adf040eda851f28a10e1a
- Size
  
  847KB
- MD5
  
  0f15fde98b90284e0e85c2ffae134257
- SHA1
  
  1946df71ecb4ccac1dbf4ca156b48ec2557e67fe
- SHA256
  
  d48c6eda4d7da385d81986abfc9e091f3498cad3d29adf040eda851f28a10e1a
- SHA512
  
  a1522d7c4b0f3ff9e4392916fd46c2c372cb8fea54be9d82ca9cbabaa307fc432b905f8d3153885a4c9539dacab044c8554c392ab4f441bb58548720ce85e417
- SSDEEP
  
  12288:gY7fh9loCS6KxbxeDuVvFpIHOEuZXKiezfCEKsmKWQYMdP:gafhA96Kx46DpcOEuhKStsz
Score

10^/10

xloader ur06 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2