xloader

General

Target

f299a3572c1ca67f5df9c027c50f5488.bin
Size

258KB
Sample

230718-c7ex5sga28
MD5

f2c2a575f4aaae57718a7554889b3b35
SHA1

b5cab67d0052a2741f982bd0b0065ae0982bbe82
SHA256

b534432fbd54096403d0bbfd3be79cccbb269601cc3773eef3b36d3930089721
SHA512

8b9b06f9a9c3d4d62e319cf3b39126174c29f95688c3586572b5e1eeedd467bcc4e83cb97403adcce1cf6d3a9a0e4edeb856803f0b23304f56cd077a3c565c67
SSDEEP

6144:+AsNEoJ0PcKmTR7qcMBCbUEjVaGJGXnG1d5+LD:+dcPcwBCbbjGI50

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mjyv

Decoy

wenyuexuan.com

tropicaldepression.info

healthylifefit.com

reemletenleafy.com

jmrrve.com

mabduh.com

esomvw.com

selfcaresereneneness.com

murdabudz.com

meinemail.online

brandqrcodes.com

live-in-pflege.com

nickrecovery.com

ziototoristorante.com

chatcure.com

corlora.com

localagentlab.com

yogo7.net

krveop.com

heianswer.xyz

Targets

- Target
  
  b30baea69e5ba92f56e7d7aa79bb30ed9e889dfde1a690244c9fe02baef4617a.exe
- Size
  
  793KB
- MD5
  
  f299a3572c1ca67f5df9c027c50f5488
- SHA1
  
  98ae2458837e4f2bc4e518fd867d3edd28c4236f
- SHA256
  
  b30baea69e5ba92f56e7d7aa79bb30ed9e889dfde1a690244c9fe02baef4617a
- SHA512
  
  b67592a6fcb8110d41c86bc65141a4138fe251d139009f66235591e60a90905214d2694799f386f7ded8b1e247d38c024e8d102c05fdd645ba8045c81e7de4aa
- SSDEEP
  
  12288:MotEJb4xECMrM7I+KA0Z2+8cjtHei+uo0hE/:nCCMrG/R0wTcjtHei+uo0hE/
Score

10^/10

xloader mjyv loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2