xloader

General

Target

23962f311cb6016e8f5a84ceb3bab011
Size

936KB
Sample

231225-q9greaffc5
MD5

23962f311cb6016e8f5a84ceb3bab011
SHA1

684290eac2e8dab2b2f3d7d3e598cc87306c1840
SHA256

1086e2faa19287c271b669be3118a0509f3547cbe638e7f783d0c691be084be8
SHA512

b38324d8d0ef841dd536cd04aa8fb04975353bd7cdde56553ae298cbc743200e0c40e48c36d1c66802a8cce1caf051d7a62d7fbc3be9aafa3950e263318699f3
SSDEEP

24576:zTd8cS/d3YK64J3S0R5z2xICwcQo1+HisZzoH:HBK64Ji0R12Ce1KFzo

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

wufn

Decoy

rsautoluxe.com

theroseofsharonsalon.com

singnema.com

nathanielwhite108.com

theforumonline.com

iqpt.info

joneshondaservice.com

fafene.com

solanohomebuyerclass.com

zwq.xyz

searchlakeconroehomes.com

briative.com

frystmor.city

systemofyouth.com

sctsmney.com

tv-safetrading.com

thesweetboy.com

occulusblu.com

pawsthemomentpetphotography.com

travelstipsguide.com

Targets

- Target
  
  23962f311cb6016e8f5a84ceb3bab011
- Size
  
  936KB
- MD5
  
  23962f311cb6016e8f5a84ceb3bab011
- SHA1
  
  684290eac2e8dab2b2f3d7d3e598cc87306c1840
- SHA256
  
  1086e2faa19287c271b669be3118a0509f3547cbe638e7f783d0c691be084be8
- SHA512
  
  b38324d8d0ef841dd536cd04aa8fb04975353bd7cdde56553ae298cbc743200e0c40e48c36d1c66802a8cce1caf051d7a62d7fbc3be9aafa3950e263318699f3
- SSDEEP
  
  24576:zTd8cS/d3YK64J3S0R5z2xICwcQo1+HisZzoH:HBK64Ji0R12Ce1KFzo
Score

10^/10

xloader wufn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2