xloader

General

Target

b46a22955d2130a5f8192c60b0f858c4
Size

1.0MB
Sample

240305-lyz2dsca7y
MD5

b46a22955d2130a5f8192c60b0f858c4
SHA1

c1f5193c90c35c6e6f559cc0fa8fc85b24739148
SHA256

eda0437f309b771f71f1222248fe6e727a114e91b808ffa75b5bb395479924d6
SHA512

8f73dc964a7f2ecf9dc27bec814f6b87bcb3d944f6db19e6162ea7610d0c618e80702741f94a6cb172e90768406f9489eb845a510dafeb06f08722b560cb8aa6
SSDEEP

12288:hU1pNOknfkaNakFuy6yoTWH66J711NO+lc5zi/ny8da8b:h+OAmQH66lNiG//Q8b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  b46a22955d2130a5f8192c60b0f858c4
- Size
  
  1.0MB
- MD5
  
  b46a22955d2130a5f8192c60b0f858c4
- SHA1
  
  c1f5193c90c35c6e6f559cc0fa8fc85b24739148
- SHA256
  
  eda0437f309b771f71f1222248fe6e727a114e91b808ffa75b5bb395479924d6
- SHA512
  
  8f73dc964a7f2ecf9dc27bec814f6b87bcb3d944f6db19e6162ea7610d0c618e80702741f94a6cb172e90768406f9489eb845a510dafeb06f08722b560cb8aa6
- SSDEEP
  
  12288:hU1pNOknfkaNakFuy6yoTWH66J711NO+lc5zi/ny8da8b:h+OAmQH66lNiG//Q8b
Score

10^/10

xloader ssee loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2