xloader

General

Target

0c737a6befc4bba6c1ddba35d396f9d6
Size

261KB
Sample

231230-dk13jahabp
MD5

0c737a6befc4bba6c1ddba35d396f9d6
SHA1

e8e1dc5a5df9cc353f5a8be32dd19eef38a5b909
SHA256

f6bd2853a8346c75b10f30184adf3a12ddcc7b25dac4a1b0a5e281179b1e1322
SHA512

57e70330eb5f07a359bb2889fd98c76009502e29e76ed7d27615b7e031bfe0a536bbc7b9a446ce35ec37a9abdcfa80bbfe653a67fa631408c28c2b78964d5014
SSDEEP

6144:d/gFDMLc/CNihEGpptdMN2/CS/jyjLndnqPU5IJFGTP:dMDMoKkh5/I8CS/jyvA8CJFGTP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

Decoy

reviewsresolutions.com

binhminhgardenshophouse.com

nebulacom.com

kadhambaristudio.com

viltoom.club

supmomma.com

tjszxddc.com

darlingmemories.com

hyperultrapure.com

vibembrio.com

reallycoolmask.com

cumbukita.com

brian-newby.com

abstractaccessories.com

marykinky.com

minnesotareversemtgloans.com

prasetlement.com

xplpgi.com

xn--gdask-y7a.com

uababaseball.com

Targets

- Target
  
  0c737a6befc4bba6c1ddba35d396f9d6
- Size
  
  261KB
- MD5
  
  0c737a6befc4bba6c1ddba35d396f9d6
- SHA1
  
  e8e1dc5a5df9cc353f5a8be32dd19eef38a5b909
- SHA256
  
  f6bd2853a8346c75b10f30184adf3a12ddcc7b25dac4a1b0a5e281179b1e1322
- SHA512
  
  57e70330eb5f07a359bb2889fd98c76009502e29e76ed7d27615b7e031bfe0a536bbc7b9a446ce35ec37a9abdcfa80bbfe653a67fa631408c28c2b78964d5014
- SSDEEP
  
  6144:d/gFDMLc/CNihEGpptdMN2/CS/jyjLndnqPU5IJFGTP:dMDMoKkh5/I8CS/jyvA8CJFGTP
Score

10^/10

xloader b6a4 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2