xloader

General

Target

2438548470cc6fdfc93265bf9f939c42
Size

708KB
Sample

231231-cqvl9sgaf6
MD5

2438548470cc6fdfc93265bf9f939c42
SHA1

4eb34a255e08ccb2174afa0365d3fd955d589ae6
SHA256

e52bd741483d394b6d8ba1060687cf93aa8c6232cdaaad73eed02348c5acfaeb
SHA512

1d079bd0a89be7e1f2f77a8ace1eb54eceade3144b98fef9eeafcc4784edd19d865fc201f8febbea9701b77bd47350b28a6e78613e314e48486ea296a6bac813
SSDEEP

12288:C1Wl8TpmMxskWv6jf64vah+xWXYx/b44DUeuueXPuJ:CAGL0yWuxtx/R3DJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pagi

Decoy

makehrworkable.com

sound-wisdom.com

blacts.com

caenantglamping.com

meridiancpas.com

draughtedinn.co.uk

windywoodshc.com

mintmovileplus.com

pubgeventdailylogin.com

thesocialdzr.com

holapv.com

racevc.com

openpula.pro

wepreventstroke.com

autoclosy.com

enginkarabacak.com

15096eec1652.info

buildthefoundation.net

pwilliamberciklaw.com

paramountrevenueadvisors.com

Targets

- Target
  
  2438548470cc6fdfc93265bf9f939c42
- Size
  
  708KB
- MD5
  
  2438548470cc6fdfc93265bf9f939c42
- SHA1
  
  4eb34a255e08ccb2174afa0365d3fd955d589ae6
- SHA256
  
  e52bd741483d394b6d8ba1060687cf93aa8c6232cdaaad73eed02348c5acfaeb
- SHA512
  
  1d079bd0a89be7e1f2f77a8ace1eb54eceade3144b98fef9eeafcc4784edd19d865fc201f8febbea9701b77bd47350b28a6e78613e314e48486ea296a6bac813
- SSDEEP
  
  12288:C1Wl8TpmMxskWv6jf64vah+xWXYx/b44DUeuueXPuJ:CAGL0yWuxtx/R3DJ
Score

10^/10

xloader pagi loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2