xloader

General

Target

75d999d431819311abf8bd048cd084acdcd5f4e1
Size

376KB
Sample

230201-fwmemaca36
MD5

f3b6c4f3ff269bdcc55ad18ec7690497
SHA1

75d999d431819311abf8bd048cd084acdcd5f4e1
SHA256

854ed63f694e4f9526e3a1325691c934a328a82f5a73c5301b8e261c99b11b39
SHA512

30ded7705ce97f774ef98ba4b1888f9720185d430f161583fde1f926439fe91c348d3c7693ce1b34d3ccbd1dc907cb763faa86fb9249be864f6ab66807ad9de1
SSDEEP

6144:95iXLVYmUquirE7u/5F7LTVHqpX7zLh4JE5QI/6N6NMBwz+3meeKNf:95ib+mUquib/5FXhKp6Jari8GBNmeeK

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pzb5

Decoy

laceez-store.com

fastcobra.icu

adust.site

parcelpunk.com

dabanse.info

themacshisha.com

ketogenic-success.com

simplyrip.com

antoniolima.icu

ruyakeji.net

sysintegrados2.com

triangle-resolute.com

muratkivrak.com

ntwrkrecs.com

gtxhcntq.icu

charlottepromo.com

trygreenbar.com

abbathandhottub.com

sliim-up.com

hoteldeleauvive.com

Targets

- Target
  
  75d999d431819311abf8bd048cd084acdcd5f4e1
- Size
  
  376KB
- MD5
  
  f3b6c4f3ff269bdcc55ad18ec7690497
- SHA1
  
  75d999d431819311abf8bd048cd084acdcd5f4e1
- SHA256
  
  854ed63f694e4f9526e3a1325691c934a328a82f5a73c5301b8e261c99b11b39
- SHA512
  
  30ded7705ce97f774ef98ba4b1888f9720185d430f161583fde1f926439fe91c348d3c7693ce1b34d3ccbd1dc907cb763faa86fb9249be864f6ab66807ad9de1
- SSDEEP
  
  6144:95iXLVYmUquirE7u/5F7LTVHqpX7zLh4JE5QI/6N6NMBwz+3meeKNf:95ib+mUquib/5FXhKp6Jari8GBNmeeK
Score

10^/10

xloader pzb5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2