xloader

General

Target

8c0263671777bd334d020336e478e4fa
Size

1.2MB
Sample

231226-y51ygsebd5
MD5

8c0263671777bd334d020336e478e4fa
SHA1

371df3b4ab9e04469a47612d91cf76f5b4379370
SHA256

10d77efb4e73958ffd46f710968a9c9a525db59b1d54325cd7211b0a0fa8664f
SHA512

dc5691deb18aea16d36cab08def1e0c5e3c864cc8093150320f45a77893235c3414a70fcc456a04ad05609a54c76b5acb4f5cbbf824501ea092609b46d6260cc
SSDEEP

24576:hBcOsBgo0q4wM2BmCmTOUd+L6kBXW8IZxQoprudAYUty/TY:hBloHMKmCm6Ud+zBXRIZDy4teT

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

mabs

Decoy

joiderqm.com

hyc306.com

ouchplus.asia

abrosnm3.com

hospitalanti-infectives.com

ala-co.com

morrisonltts.net

tradingimpulse.com

invisibleimagination.com

jdjshop.com

huntedby.com

szsgfdzx.com

germfightersusaiowa.com

pahaadpost.com

obrankers.com

plaeralum.com

getfitwithmeministry.com

smartswaploan.com

gypsyjewelrydesigns.com

meetgoodwill.info

Targets

- Target
  
  8c0263671777bd334d020336e478e4fa
- Size
  
  1.2MB
- MD5
  
  8c0263671777bd334d020336e478e4fa
- SHA1
  
  371df3b4ab9e04469a47612d91cf76f5b4379370
- SHA256
  
  10d77efb4e73958ffd46f710968a9c9a525db59b1d54325cd7211b0a0fa8664f
- SHA512
  
  dc5691deb18aea16d36cab08def1e0c5e3c864cc8093150320f45a77893235c3414a70fcc456a04ad05609a54c76b5acb4f5cbbf824501ea092609b46d6260cc
- SSDEEP
  
  24576:hBcOsBgo0q4wM2BmCmTOUd+L6kBXW8IZxQoprudAYUty/TY:hBloHMKmCm6Ud+zBXRIZDy4teT
Score

10^/10

xloader mabs loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2