xloader

General

Target

b45601c94bc29ed138616c6ca1db4cb3
Size

1.1MB
Sample

231227-spxy1aaac8
MD5

b45601c94bc29ed138616c6ca1db4cb3
SHA1

71401849b07a4cfbedaec0ed8621c00425c6fedf
SHA256

43b1111f92ac92c2804ebe0316d8e7d91b4b4fb6daa00e82fefd02c483eda1a3
SHA512

4fa75a4b67d3e9ecaaf2504bcef041f4334d1338a075b887e90b6e60128fd3b2668ab7c1128e5c64c01a1e8d5cc8a9d94efee29d2f20876c2e38db078d5a3022
SSDEEP

24576:odS/d31Kzks8ks21oODt9HJcPNoPZBUK3ITy8jh8N7ZN:JKDBxfQK30ON7ZN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p596

Decoy

ushistorical.com

lovepropertylondon.com

acupress-the-point.com

3772548.com

ambientabuse.com

primaveracm.com

themidwestmomblog.com

havasavunma.com

rockyroadbrand.com

zzphys.com

masque-inclusif.com

myeonyeokplus.com

linkernet.pro

zezirma.com

mysiniar.com

andreamall.com

mattesonauto.com

wandopowerinc.com

casaurgence.com

salishseaquilts.com

Targets

- Target
  
  b45601c94bc29ed138616c6ca1db4cb3
- Size
  
  1.1MB
- MD5
  
  b45601c94bc29ed138616c6ca1db4cb3
- SHA1
  
  71401849b07a4cfbedaec0ed8621c00425c6fedf
- SHA256
  
  43b1111f92ac92c2804ebe0316d8e7d91b4b4fb6daa00e82fefd02c483eda1a3
- SHA512
  
  4fa75a4b67d3e9ecaaf2504bcef041f4334d1338a075b887e90b6e60128fd3b2668ab7c1128e5c64c01a1e8d5cc8a9d94efee29d2f20876c2e38db078d5a3022
- SSDEEP
  
  24576:odS/d31Kzks8ks21oODt9HJcPNoPZBUK3ITy8jh8N7ZN:JKDBxfQK30ON7ZN
Score

10^/10

xloader p596 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2