xloader

General

Target

1f05d929e0288a3d3ce3c53c111cfca9
Size

827KB
Sample

231225-pvdwjaede5
MD5

1f05d929e0288a3d3ce3c53c111cfca9
SHA1

679b18c7e7acfbb482bd1f40093db93c94697ae0
SHA256

8441a8b048a19c276e9c25457b681b8167a82f4fdee86dc4722891d0dbb5043a
SHA512

8a6233065618a775805aa44feda8ff98907b64d8b618fe470de15e8b911485d2cefc6cd06f8e333240b25943fb456adfa6c74b49de012c1c53d0fd67bf22d9bb
SSDEEP

24576:YCXflUMjoJLCQM+yYav2OxWcMVz7mo5oFCEkv:vv+CXqaO79Fosv

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

iuem

Decoy

agileatefoundation.com

preheimphotography.com

blueivymart.com

magetu.info

sunayah.com

gulumsecafe.com

belveder.net

pumpkinmangaming.com

playd6plus.com

thuanland.com

blacklivesmatterforreal.com

enviromentalco.com

ferronnstyle.com

mrbeagleshop.com

whmlqx.com

unifiedfederal.com

purest-you.com

ashleymartinonline.com

bayareaportraitphotographer.com

ysnrjelx.icu

Targets

- Target
  
  1f05d929e0288a3d3ce3c53c111cfca9
- Size
  
  827KB
- MD5
  
  1f05d929e0288a3d3ce3c53c111cfca9
- SHA1
  
  679b18c7e7acfbb482bd1f40093db93c94697ae0
- SHA256
  
  8441a8b048a19c276e9c25457b681b8167a82f4fdee86dc4722891d0dbb5043a
- SHA512
  
  8a6233065618a775805aa44feda8ff98907b64d8b618fe470de15e8b911485d2cefc6cd06f8e333240b25943fb456adfa6c74b49de012c1c53d0fd67bf22d9bb
- SSDEEP
  
  24576:YCXflUMjoJLCQM+yYav2OxWcMVz7mo5oFCEkv:vv+CXqaO79Fosv
Score

10^/10

xloader iuem loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2