xloader

General

Target

61f6d8b5f81a50408b7f7651542b288715228f51498fbb8c690d50652e2f212d
Size

782KB
Sample

230129-ya7sjsce4x
MD5

64b091b2d9a92783188acd0ef73714ef
SHA1

18949cc775d2194689a15dc3f684facfa8de52bc
SHA256

61f6d8b5f81a50408b7f7651542b288715228f51498fbb8c690d50652e2f212d
SHA512

802d31e77469ac3a193f8c1cb00a323b950acb3430cbec1d77e6ed33698899cff77edd62ea4c43aae4bf33f0530cc00b3db65be7f51e4e3a92e0cda7dce2fdc5
SSDEEP

12288:hdyFqZH1iH0Cz85D1EWIxtyMY1WrsdDU/4aW6IqC04MKrqzj/5OfE0N:KFq5m0CYVerxFY4rqUnt4MZ35+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

d833

Decoy

mediacritiquechic.com

emelinaphotography.com

angieblankpiano.com

dmkjqj.com

groupling.net

domainhustlerco.com

ez2elmer.xyz

cczsn.com

palenciamobley.com

beeplantia.com

theautotechguys.com

divasdealz.com

ndconfident.net

miibu.info

youmisp.info

vogelvrij.net

lugosjourney.com

naturesbesthealthfoodstore.com

sagessetoren.com

linkspetdesk.com

Targets

- Target
  
  61f6d8b5f81a50408b7f7651542b288715228f51498fbb8c690d50652e2f212d
- Size
  
  782KB
- MD5
  
  64b091b2d9a92783188acd0ef73714ef
- SHA1
  
  18949cc775d2194689a15dc3f684facfa8de52bc
- SHA256
  
  61f6d8b5f81a50408b7f7651542b288715228f51498fbb8c690d50652e2f212d
- SHA512
  
  802d31e77469ac3a193f8c1cb00a323b950acb3430cbec1d77e6ed33698899cff77edd62ea4c43aae4bf33f0530cc00b3db65be7f51e4e3a92e0cda7dce2fdc5
- SSDEEP
  
  12288:hdyFqZH1iH0Cz85D1EWIxtyMY1WrsdDU/4aW6IqC04MKrqzj/5OfE0N:KFq5m0CYVerxFY4rqUnt4MZ35+
Score

10^/10

xloader d833 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2