xloader

General

Target

8e6c4dd7ce47a6a456438eb5df06e52c
Size

455KB
Sample

240204-gz328abcd3
MD5

8e6c4dd7ce47a6a456438eb5df06e52c
SHA1

838e6c7f24bef22088d140c851cd1a3c35c9f241
SHA256

9b985974efb3d7555b61cec77f2667cd6aca5f74a07f712b3aa58a54aa03bebb
SHA512

89881068b4aa6476a45e4c5538678bad7a636f8c82e6831c044e7f4a0b3fc45e6a0f4717b328f09d2f0f23e7a60624031eb59aa65180d2cd8b30fd40012db440
SSDEEP

6144:x5PmRalZzw8XucGRfFwCS+94o8DbXZk5c33aBBwVcV9gxvn0:xNmRgdXunRtGPzXXZqYKk2Vb

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

d8ak

Decoy

slingshots305.com

egemv.com

purplewrld.com

thaipayakorn.com

crontabcyber.com

wolfalike.com

tedstbrice.com

bbwtrip.com

clothestokidsri.com

experienanidworks.com

acuityhealthcare.xyz

applepai.net

happytownmayor.net

xn--vltadvisors-2eb.com

garbagegenius.com

ndddxs.com

accuratearrangements.com

wraptecny.com

torontomassage.club

ifem-ci.com

Targets

- Target
  
  8e6c4dd7ce47a6a456438eb5df06e52c
- Size
  
  455KB
- MD5
  
  8e6c4dd7ce47a6a456438eb5df06e52c
- SHA1
  
  838e6c7f24bef22088d140c851cd1a3c35c9f241
- SHA256
  
  9b985974efb3d7555b61cec77f2667cd6aca5f74a07f712b3aa58a54aa03bebb
- SHA512
  
  89881068b4aa6476a45e4c5538678bad7a636f8c82e6831c044e7f4a0b3fc45e6a0f4717b328f09d2f0f23e7a60624031eb59aa65180d2cd8b30fd40012db440
- SSDEEP
  
  6144:x5PmRalZzw8XucGRfFwCS+94o8DbXZk5c33aBBwVcV9gxvn0:xNmRgdXunRtGPzXXZqYKk2Vb
Score

10^/10

xloader d8ak loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2