xloader

General

Target

71c6dbf0c2c0fd7090cededf7e84d5eb
Size

619KB
Sample

231226-qkt1faggbr
MD5

71c6dbf0c2c0fd7090cededf7e84d5eb
SHA1

ebe5dacf93fc4deae2e90e5a084a547b2e937974
SHA256

bfab7d4e22c5f74fd6480ca211b4ec6d68e60b3fd81c6bee14d2bd41bd8a7a7d
SHA512

41692b78ae7366026f29bc673ed7ff12af041e196a0ffb8660de3bdec9ae5a47877a7338bc8ec0aa75e8dbf49cb93b2ef17e5e6256c9be31279becb6543700af
SSDEEP

12288:9f+XNDGoVZvUiJjaN+bTa4eJZD3RhmshEOH9O+SA6YzLG:sX1xJj39evD3RDaOdf6QLG

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

hdco

Decoy

csgo-buff.com

anphulong.site

sistemveag.xyz

latinosinhumanresources.com

lubenia.com

timelapse.company

sudhdesiiptv.com

yui61.com

hevibank.com

idreatreat.com

messengercalls.com

willbm.com

rujukanakauntan.com

poolemarina.com

gococonutoil.com

cryptoscoot.club

petarsandmay.com

insaenjournal.com

shopglau.com

myrandr.com

Targets

- Target
  
  71c6dbf0c2c0fd7090cededf7e84d5eb
- Size
  
  619KB
- MD5
  
  71c6dbf0c2c0fd7090cededf7e84d5eb
- SHA1
  
  ebe5dacf93fc4deae2e90e5a084a547b2e937974
- SHA256
  
  bfab7d4e22c5f74fd6480ca211b4ec6d68e60b3fd81c6bee14d2bd41bd8a7a7d
- SHA512
  
  41692b78ae7366026f29bc673ed7ff12af041e196a0ffb8660de3bdec9ae5a47877a7338bc8ec0aa75e8dbf49cb93b2ef17e5e6256c9be31279becb6543700af
- SSDEEP
  
  12288:9f+XNDGoVZvUiJjaN+bTa4eJZD3RhmshEOH9O+SA6YzLG:sX1xJj39evD3RDaOdf6QLG
Score

10^/10

xloader hdco loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2