xloader

General

Target

141ddd0c2968563397f23b549d161494d07cefc6518232d5ebe040203b1b8fa4
Size

1008KB
Sample

230129-yjl77sbd56
MD5

b413c6fb700ddcdd14095c312f705778
SHA1

b7fe78c8cdcf129a3c3805f99d5aba4aa2540a46
SHA256

141ddd0c2968563397f23b549d161494d07cefc6518232d5ebe040203b1b8fa4
SHA512

a5dde471f354c608644836456e947d5005bb265ce2da1b4dc8fdf11d8ee656f4af541f46b8df8573d90bc2548c717b45dbb46268ca4ed7e89968f69ef3145eb7
SSDEEP

12288:RC4/kWT7Agej5ec+qSAwRXx6SlThSdmBFK6vB3ImfcIz4jbifaIpMKlFzy4iJzxh:IAyovB6T8FKGjfcIzyMzyZzxPr+Gl

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uidr

Decoy

dulichsongcham.com

cash-royal.com

geneseewildlifetrapping.com

9cc9x79m3y2.com

ntjjzx.com

joinglooko.com

upmchealhtrak.com

hookandcask.com

orca-web.com

ag3holdings.com

empoweredinvestmentstx.com

lustywall.com

rcpelaurentides.com

goyalcoorchidnirvanatwo.homes

iotajinn.com

littlemlive.com

hippocratesbio.com

ashleysema.design

175a45.xyz

bpocompaniesphilippines.com

Targets

- Target
  
  141ddd0c2968563397f23b549d161494d07cefc6518232d5ebe040203b1b8fa4
- Size
  
  1008KB
- MD5
  
  b413c6fb700ddcdd14095c312f705778
- SHA1
  
  b7fe78c8cdcf129a3c3805f99d5aba4aa2540a46
- SHA256
  
  141ddd0c2968563397f23b549d161494d07cefc6518232d5ebe040203b1b8fa4
- SHA512
  
  a5dde471f354c608644836456e947d5005bb265ce2da1b4dc8fdf11d8ee656f4af541f46b8df8573d90bc2548c717b45dbb46268ca4ed7e89968f69ef3145eb7
- SSDEEP
  
  12288:RC4/kWT7Agej5ec+qSAwRXx6SlThSdmBFK6vB3ImfcIz4jbifaIpMKlFzy4iJzxh:IAyovB6T8FKGjfcIzyMzyZzxPr+Gl
Score

10^/10

xloader uidr loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2