xloader

General

Target

a1a8b78f7d0967e3690c42442a7225a5
Size

1.2MB
Sample

240224-mqdc4aab2x
MD5

a1a8b78f7d0967e3690c42442a7225a5
SHA1

b0cfacdc0d59c62ef064d3d113330ea475c16a43
SHA256

39c6360f8c3d77d905cfea361ab4858a8b216b173b975c81677ff0e341e9432f
SHA512

30deab758bfd222afa8df5b1f957c698d6802caa4b46434484be7677814ce8d5c9c110454efd2b22fc010404673446636e66bce493cf501fcb24822a5788546a
SSDEEP

24576:RYr1CmATOsBgo0q4wMbJ0E33nWghuYfp:R7CoHMbJDHGK

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u3r5

Decoy

alashan.ltd

demopagephequan.online

garxznql.icu

unetart.com

dajiangzhibo15.com

influencer.fund

beverlyhills.city

strefafryzur.net

giftboxhawaii.com

ecotiare.com

homeandgardenradioshow.com

sageandsandco.com

laflesoley.com

icipatanegra.online

autovistoriapredial.net

xn--polenezkypark-pmb.com

cbdamic.com

aaronandmarissa.com

datasoma.digital

theclosetology.com

Targets

- Target
  
  a1a8b78f7d0967e3690c42442a7225a5
- Size
  
  1.2MB
- MD5
  
  a1a8b78f7d0967e3690c42442a7225a5
- SHA1
  
  b0cfacdc0d59c62ef064d3d113330ea475c16a43
- SHA256
  
  39c6360f8c3d77d905cfea361ab4858a8b216b173b975c81677ff0e341e9432f
- SHA512
  
  30deab758bfd222afa8df5b1f957c698d6802caa4b46434484be7677814ce8d5c9c110454efd2b22fc010404673446636e66bce493cf501fcb24822a5788546a
- SSDEEP
  
  24576:RYr1CmATOsBgo0q4wMbJ0E33nWghuYfp:R7CoHMbJDHGK
Score

10^/10

xloader u3r5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2