xloader

General

Target

d58384baa88b91df65569d660998685f0c05760e201e93461694698d4770b2d7
Size

422KB
Sample

230129-y8kexacb38
MD5

7904b25e05ab4a27857e1f5a30138149
SHA1

19bc6484ad915f83880f05d1c390ae6f5bbaeccf
SHA256

d58384baa88b91df65569d660998685f0c05760e201e93461694698d4770b2d7
SHA512

542a99eaa15983e1876b8bc8766af4d6ad5fdbadb76e67b942ddb25602f9378fae0712a6ef3971afd197ff76c124bbd7bd66e4b0744a9b8770f786a55e83b1f6
SSDEEP

12288:DkVmRzvFXkNaYiG8LLzhXPKF3fDf5gdyC18d5hLtyTA:QVEJXcTiHXVM7fEyC18iTA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uidr

Decoy

dulichsongcham.com

cash-royal.com

geneseewildlifetrapping.com

9cc9x79m3y2.com

ntjjzx.com

joinglooko.com

upmchealhtrak.com

hookandcask.com

orca-web.com

ag3holdings.com

empoweredinvestmentstx.com

lustywall.com

rcpelaurentides.com

goyalcoorchidnirvanatwo.homes

iotajinn.com

littlemlive.com

hippocratesbio.com

ashleysema.design

175a45.xyz

bpocompaniesphilippines.com

Targets

- Target
  
  d58384baa88b91df65569d660998685f0c05760e201e93461694698d4770b2d7
- Size
  
  422KB
- MD5
  
  7904b25e05ab4a27857e1f5a30138149
- SHA1
  
  19bc6484ad915f83880f05d1c390ae6f5bbaeccf
- SHA256
  
  d58384baa88b91df65569d660998685f0c05760e201e93461694698d4770b2d7
- SHA512
  
  542a99eaa15983e1876b8bc8766af4d6ad5fdbadb76e67b942ddb25602f9378fae0712a6ef3971afd197ff76c124bbd7bd66e4b0744a9b8770f786a55e83b1f6
- SSDEEP
  
  12288:DkVmRzvFXkNaYiG8LLzhXPKF3fDf5gdyC18d5hLtyTA:QVEJXcTiHXVM7fEyC18iTA
Score

10^/10

xloader uidr loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2