xloader

General

Target

2b487f8cff52e5de3c37f4d48975ed45
Size

1.4MB
Sample

231225-tfm8wacaak
MD5

2b487f8cff52e5de3c37f4d48975ed45
SHA1

367d9ccbd374e0267eb50e3323fffce0ed2b2f41
SHA256

9808a74ae58e0a4ce64f01226ea471338f9df7e2155581ef0822070d952997b5
SHA512

af6fbfd84e96c7d75cf00b97d28f8b08b93bcf51faaaf5fb9a07a065e3d114ed1f4677f25af324804c536d795559dede1d698ae4056487314682bfcfa5eb2da9
SSDEEP

24576:9irOsBgo0q4wMWBmCmTOUd+L6kpXW9wdc0Kly0VaLQ8Iq40Kv1VZX:UaoHMqmCm6Ud+zpXmwDSy048JZ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

- Target
  
  2b487f8cff52e5de3c37f4d48975ed45
- Size
  
  1.4MB
- MD5
  
  2b487f8cff52e5de3c37f4d48975ed45
- SHA1
  
  367d9ccbd374e0267eb50e3323fffce0ed2b2f41
- SHA256
  
  9808a74ae58e0a4ce64f01226ea471338f9df7e2155581ef0822070d952997b5
- SHA512
  
  af6fbfd84e96c7d75cf00b97d28f8b08b93bcf51faaaf5fb9a07a065e3d114ed1f4677f25af324804c536d795559dede1d698ae4056487314682bfcfa5eb2da9
- SSDEEP
  
  24576:9irOsBgo0q4wMWBmCmTOUd+L6kpXW9wdc0Kly0VaLQ8Iq40Kv1VZX:UaoHMqmCm6Ud+zpXmwDSy048JZ
Score

10^/10

xloader p086 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2