xloader

General

Target

51112ee07c35f4bf1df019cdc021b9dc
Size

646KB
Sample

240110-t3rjtabbaq
MD5

51112ee07c35f4bf1df019cdc021b9dc
SHA1

4eb60ef0ac2fe2aaa3981d08d38ef9cec21a7964
SHA256

b291d4b0e0fce431f1832078efd8d6c98b3075353dc00aea62053e4f0eeecac4
SHA512

18494efe8772adc22d918dd51c3e20f352ca2557a6e96f65245d1788c3d0cf3fcef3fbd4313057abf6bc74bbdb63f9fa9aeae2524caa2699328db75915e48489
SSDEEP

12288:6RyfyLjw+e7Pzus+d5+o5bUu5g482PiubZFaYVYu5pG8Gz+Mm0+fN:ELVO7us+d5ZbUb44UrNY78GzdR+fN

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ajs8

Decoy

lotfysupport.net

tradingsentral.com

mobiles240.com

redecompre.com

mulliganjames.com

excursionlanzarote.com

n1getaccess.com

wirelessconsole.com

thevez.net

joygshpng.com

arandawines.com

eliassantis.net

racevc.com

mybluemonitor.com

jual-penggugurkandungan.com

connectgf.com

nmpsolutions.com

anipawesome.com

vissito.com

terracottagkp.com

Targets

- Target
  
  DHL Express Shipment_pdf__________________________________.exe
- Size
  
  1.1MB
- MD5
  
  e0e2f85a7c7542a6aa086a34be3ca86e
- SHA1
  
  f29e3ee8f219c79dd89f5884fc342356f0c47daf
- SHA256
  
  648a44e30f42dfbb760c84869255b1246b5940450e2fea476b1a138634e1785d
- SHA512
  
  a12cf1af7246f499ea3e48418028de8a635721d56169ea586c113e75fbbb7614568a8e7c3e9d7993cb429d5ade24f99fcea1802377892670fb842e85900af1db
- SSDEEP
  
  12288:YY4aNzsdDXHFYJDc9F3nC0Py3gAhRIIalhBMvAcmTaciU9dYdIR5PsYoYi0fpaNl:YoxKzHFYSblhBOmi3d45k1l0m2hw
Score

10^/10

xloader ajs8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2