xloader

General

Target

05a0d614857812cf60e42afe539fe93b
Size

943KB
Sample

231229-2egcyaeafk
MD5

05a0d614857812cf60e42afe539fe93b
SHA1

65cb75611584312f38d8ae2ee85cc642dfdc0ff5
SHA256

6aef2de42e7435e24a9dbab0ad4564a2403d9cac46516bbbf91739653e59bc0f
SHA512

9a0ce6c7e0cb354c24343cffa25dbbd69539e0570ad4952226dd2faf75349ee0ab384ad53971160aca3a903ebbcee4914c9e3b3a05389067c858c8c0bcc24441
SSDEEP

24576:yAbEAKbFImthPi3/Hx8YLHe4qxBgLiwHYoFIGKSDC1:XIbaaqzLjHbIGKn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  QUOTATION KHEM0004 KHEM0005.exe
- Size
  
  854KB
- MD5
  
  08bc001583e1e146dda839abbf439a02
- SHA1
  
  0474f02da4c4574f80f94247436650c163627e67
- SHA256
  
  b4b2d03bc3ab57146ef1963936d3d054c0b5d055cf9a3f2862fd8b25733a7a63
- SHA512
  
  0f79ab2a8ae0d71c1a0747205dd5472f505baa123c328ff55daed253de534f7b7d3df84e8e6fa6f58dbd0035e152d6f189c544b0284f182edc0a94550c041b99
- SSDEEP
  
  12288:5csLjeStr3eA5KUlJHK7zqqP/qmzvowFdBmo8yLi+x27Rw65EUfAZ78Da41gwnab:XeKvKUlEVHDzgwFmFTGUwTU+78DaC3
Score

10^/10

xloader ipa8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2