xloader

General

Target

c213db655e42bb7d3530221d1596a656
Size

1.2MB
Sample

231228-ejryxafeer
MD5

c213db655e42bb7d3530221d1596a656
SHA1

d7c366f5262a2da46c5974d18e22fda095993eb0
SHA256

24aad9972cfecd86a8ddbf486abef62e371c30ce350131472ccc41575252df4c
SHA512

9b78393135d8cb7246bf0ad9c7a0f0d4a9b060564cd3bca3f5141d08dce9f152d9b502f6b9be48f888e867b1ed95e03ca84f311f3f9a572d92fdd3a968b54863
SSDEEP

24576:eYPhCmxKNOsBgo0q4wMXYWocWufmhztdt:e0KMoHMXnocXfmhz7t

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

dfa8

Decoy

rocketgoldcorp.com

bdsportslive.com

szldbxg.com

teavelersjournal.com

nilmiro.com

empporiocar.com

xishuophp.net

multigremiosmadrid.com

tucsonlot.com

fitnessketo.com

ourhomeimprovements.com

fletcher-windows.com

shab834.com

neggouyadla.com

helps-support.net

waterst.one

schoolforshapers.com

shubhshaktinidhi.com

vintatts.com

ykmmailer18.com

Targets

- Target
  
  c213db655e42bb7d3530221d1596a656
- Size
  
  1.2MB
- MD5
  
  c213db655e42bb7d3530221d1596a656
- SHA1
  
  d7c366f5262a2da46c5974d18e22fda095993eb0
- SHA256
  
  24aad9972cfecd86a8ddbf486abef62e371c30ce350131472ccc41575252df4c
- SHA512
  
  9b78393135d8cb7246bf0ad9c7a0f0d4a9b060564cd3bca3f5141d08dce9f152d9b502f6b9be48f888e867b1ed95e03ca84f311f3f9a572d92fdd3a968b54863
- SSDEEP
  
  24576:eYPhCmxKNOsBgo0q4wMXYWocWufmhztdt:e0KMoHMXnocXfmhz7t
Score

10^/10

xloader dfa8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2