xloader

General

Target

455e9a76438e10a9c69c609d1d4ed136.exe
Size

685KB
Sample

240106-mkmpkseafn
MD5

455e9a76438e10a9c69c609d1d4ed136
SHA1

4e5e8ad8138ca39ae076e9d97c38b9275f6d9726
SHA256

9a33dbdebade5d8be42726df8d9b8ebb50c0982a354aea70f6a07d97826953af
SHA512

6235792be899e672f8881aecac785dc4bb3980e0899f1bb77d20b4617d06d107e770e9b05b41be71787d906efc082c4c708a05ba0c7821e8b48a7fe5da3f8b1b
SSDEEP

6144:FHSiQrg69Wg1ZeT4VB27uXAORbXHqU+7ptFg2bc47udTDLMLI7gXjt8Dwg9WELzL:Mug1ZeT4TXHHqU+Vbc47uMVjaDV9RLzL

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q3t0

Decoy

xn--n8jh0ox33v9th.club

realestateactiongroup.com

theblackcottage.com

iptvfresh.com

firstseviceresidential.com

enhancemarketingsolutions.com

matchawali.com

lockedselfstorage.com

laurencervera.com

waffleicionados.com

ryanplumbingandmechanical.com

mahalabartlemathiassen.com

enter-flowers.com

berlinclick.com

pop.direct

dangeranimalsfounded.press

sweetwhiskerscreamery.com

acaciamultimedia.com

thejoyfulmark.com

bspceducation.com

Targets

- Target
  
  455e9a76438e10a9c69c609d1d4ed136.exe
- Size
  
  685KB
- MD5
  
  455e9a76438e10a9c69c609d1d4ed136
- SHA1
  
  4e5e8ad8138ca39ae076e9d97c38b9275f6d9726
- SHA256
  
  9a33dbdebade5d8be42726df8d9b8ebb50c0982a354aea70f6a07d97826953af
- SHA512
  
  6235792be899e672f8881aecac785dc4bb3980e0899f1bb77d20b4617d06d107e770e9b05b41be71787d906efc082c4c708a05ba0c7821e8b48a7fe5da3f8b1b
- SSDEEP
  
  6144:FHSiQrg69Wg1ZeT4VB27uXAORbXHqU+7ptFg2bc47udTDLMLI7gXjt8Dwg9WELzL:Mug1ZeT4TXHHqU+Vbc47uMVjaDV9RLzL
Score

10^/10

xloader q3t0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2