xloader

General

Target

1186e3f48ba35b2f12d19fe9f20360cb
Size

1.2MB
Sample

231230-hpbewshfd5
MD5

1186e3f48ba35b2f12d19fe9f20360cb
SHA1

6c14318262010d5c951420f0a97a6a283b4c48d6
SHA256

9cb07f96c92eec0613b181bb89d9c122a03cb530abdd7d1dcef74d5b239a4024
SHA512

3410dce84c370b80d5ab569f95ec62cc77e1638146fe45ce89df74d07e801a5222d9499b8114cce293c784e59d3c9b5229ee47a81a0934cd63b1735836f3ced7
SSDEEP

12288:kYcMErhBZ4ovO4F0BKsCmagk1+YZ10Nv5ysReiwiKxZbF6vjSO8YWARajlPDJBHo:kYwICmm2OsBgo0q4wMGZ0JaOJT7KH

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

- Target
  
  1186e3f48ba35b2f12d19fe9f20360cb
- Size
  
  1.2MB
- MD5
  
  1186e3f48ba35b2f12d19fe9f20360cb
- SHA1
  
  6c14318262010d5c951420f0a97a6a283b4c48d6
- SHA256
  
  9cb07f96c92eec0613b181bb89d9c122a03cb530abdd7d1dcef74d5b239a4024
- SHA512
  
  3410dce84c370b80d5ab569f95ec62cc77e1638146fe45ce89df74d07e801a5222d9499b8114cce293c784e59d3c9b5229ee47a81a0934cd63b1735836f3ced7
- SSDEEP
  
  12288:kYcMErhBZ4ovO4F0BKsCmagk1+YZ10Nv5ysReiwiKxZbF6vjSO8YWARajlPDJBHo:kYwICmm2OsBgo0q4wMGZ0JaOJT7KH
Score

10^/10

xloader p086 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2