xloader

General

Target

8b454ae6b6f885af5d1f4213d3733777
Size

925KB
Sample

240203-dygwtaabhp
MD5

8b454ae6b6f885af5d1f4213d3733777
SHA1

1a72c8ecd2c4dd7d4e86ae3019635fa100475671
SHA256

b7c94551aecf1c6d81d3bd7986e06667fadc6bd496ce7133d671d0c79137eb51
SHA512

bb9e08d9953fb4fbf335ee76494c11a93b817af5c1584f9f6a87d999bacf55453238c62f6be3e67d0de61f5c3d66901aa25f68f71984a3a11726a5d235f1def1
SSDEEP

12288:kTqS4lV7F5deCnBC+AdNt8f/SDraKvChoxKJKQPQ5hV0kt4/8rBS06g/ClO6p/MT:gwDgCnUF8f63Lqhox/5hikSASiZ4Q4U

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  DHL Shipping Notification-pdf.exe
- Size
  
  1.2MB
- MD5
  
  972c10b3ab4db3207f027df78a76cb86
- SHA1
  
  f53e4798488151d26cfd070d0cc7e50f5b5950da
- SHA256
  
  eebf2b5d558c3f39f52538f7d3175c732f38351dca734eb37bf975796dcc086a
- SHA512
  
  5a30de7125d1ae7f25ddece4defe9bc109f83fee53112e8462b756ed805495f985d3795ac997e770e61a807bd09c9c06bc5e167f12038e035b76cbb8dee1d785
- SSDEEP
  
  24576:YGOsBgo0q4wM6BmCmTOUd+L6kIXWAAATff5nh9sPmieDZ1YD:YvoHM+mCm6Ud+zIXRlTfBn4UZ1YD
Score

10^/10

xloader ipa8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2