xloader

General

Target

12bb2a983fc09ed07579c60d0e396551
Size

670KB
Sample

231230-jr9wxaefam
MD5

12bb2a983fc09ed07579c60d0e396551
SHA1

f90c37191d8a31aacc69c4ae3aec0328d53673ac
SHA256

75de6a436c06db361958df9e1cd39e7e72e44a8e202058c5dc93233a5b135e6f
SHA512

d0febdd220c2c4cb32716a51fdbdf6ad7624f9557ec3775ce237dc6d7b5862e55ccd86cd4002a8d711038b0187402ad480d89a9f090b6c6a55037ce33ddb04ad
SSDEEP

12288:reIQB5+xLusf2hru1otRmf9Ozg+4roWrnGtRSIf/NzH0yWb4LwzOh+4:BZETtYFPLoWzGt4q/NzHHWEEiH

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  Confirm received PO 4500640396.exe
- Size
  
  1.1MB
- MD5
  
  6bca65813eeda79ba5ff4674fd4f831b
- SHA1
  
  b2eb4ec39716a2ee523372ad443df85f54ba1fc6
- SHA256
  
  2c365b6985fd96e0f9596e0e17370ef537d786473e490dfb144ade8fedc5f2ce
- SHA512
  
  026ddb7df5bd8d2c1033372990b9b7faaf3982084ea72528111c22cb149bcc49b141b7031a21df26db152edd55c75fe574d1f9db2bab3cb50f1c3aded2d4df01
- SSDEEP
  
  24576:ArFxb7FYgblhBewLhuXmXGrcWx/lND6hEhd73:Kyc1ewLhu1rTNNDWE
Score

10^/10

xloader ipa8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2