xloader

General

Target

211e907ca226888e2523fc25581b709e
Size

928KB
Sample

231231-ae4dxsbdan
MD5

211e907ca226888e2523fc25581b709e
SHA1

f914de694f20e3bfdc7a112bee4163024e8bef32
SHA256

0cae7429b9857d3eb81e95809e17976f07f909033fa7197116b075b52301de1c
SHA512

886e89a0810c96c666d6f96402f6bc39eb0630f1aad0de3ecba3ffb51067a66b02b5d753917ee3dbc9d59011d884f3c61f031a4fa9427863a679fb11ef973cf7
SSDEEP

24576:5NdCh9b8tR7ytS8+hVu6e2IZNya2p18fMHr/kmMH:HYhOtR7ov+Hu6eVLYphcm

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  211e907ca226888e2523fc25581b709e
- Size
  
  928KB
- MD5
  
  211e907ca226888e2523fc25581b709e
- SHA1
  
  f914de694f20e3bfdc7a112bee4163024e8bef32
- SHA256
  
  0cae7429b9857d3eb81e95809e17976f07f909033fa7197116b075b52301de1c
- SHA512
  
  886e89a0810c96c666d6f96402f6bc39eb0630f1aad0de3ecba3ffb51067a66b02b5d753917ee3dbc9d59011d884f3c61f031a4fa9427863a679fb11ef973cf7
- SSDEEP
  
  24576:5NdCh9b8tR7ytS8+hVu6e2IZNya2p18fMHr/kmMH:HYhOtR7ov+Hu6eVLYphcm
Score

10^/10

xloader ssee loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2