xloader

General

Target

02b89444a1d633c44e1e9e54e3fdd1b0
Size

945KB
Sample

231229-yzmtnshhhp
MD5

02b89444a1d633c44e1e9e54e3fdd1b0
SHA1

6d560a1c41457fa9c88d5d218ea4a9ae670fbedd
SHA256

52b0438a43977e210e58786f139697a9007854f624d8901c891a9af69b87667f
SHA512

1521d912a90f74e46a6428eb4ee6bdf7561ff05260b9243a34e724b9be1424bec2f7c78ea527097a3d75f349e5afa485bc9aeb159d6186e1f621e462eacda5f7
SSDEEP

12288:qxDc9F3nC0Py3gAhSEJbjJEK1+E5Gl6twEtG5FhVvjRrry8rXcuzDD8qfv:6J5Gl6HE5FhhjRvy8Zdv

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

earz

Decoy

halacoupon.com

anthos-labs.com

hagertylabs.net

l1992.com

856379580.xyz

rcbb-technologies.com

realhoggapparel.com

sauceprince.com

tootingcab.com

4chase5.com

ordergogibibimbap.com

nyj.xyz

dermixspa.com

premiergiftingco.com

razorcentric.com

mbrealtyadvisors.com

officialjazz.club

cctv006.com

hbcuatthepolls.info

prestamos-ya.com

Targets

- Target
  
  02b89444a1d633c44e1e9e54e3fdd1b0
- Size
  
  945KB
- MD5
  
  02b89444a1d633c44e1e9e54e3fdd1b0
- SHA1
  
  6d560a1c41457fa9c88d5d218ea4a9ae670fbedd
- SHA256
  
  52b0438a43977e210e58786f139697a9007854f624d8901c891a9af69b87667f
- SHA512
  
  1521d912a90f74e46a6428eb4ee6bdf7561ff05260b9243a34e724b9be1424bec2f7c78ea527097a3d75f349e5afa485bc9aeb159d6186e1f621e462eacda5f7
- SSDEEP
  
  12288:qxDc9F3nC0Py3gAhSEJbjJEK1+E5Gl6twEtG5FhVvjRrry8rXcuzDD8qfv:6J5Gl6HE5FhhjRvy8Zdv
Score

10^/10

xloader earz loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2