xloader

General

Target

dc1d2738ba06e1287d61bab41bdb587f
Size

1.0MB
Sample

240321-t74d6sfg62
MD5

dc1d2738ba06e1287d61bab41bdb587f
SHA1

29220b1a6efc6eee9e6691fe09c8ab001ecb07c4
SHA256

8d14d34bfe71397c4afe1a39bd68139f0d044f21e4cf5eaa43fc8fc15cb74d82
SHA512

2f056a5ea3adcbf35cca58c820e806718498aadec7bd552c138bb9f4076bc9a959e8412f9a9c5298bff1b9969b675142c52f6f0b4f11c13e6c40e79c8a2d163e
SSDEEP

24576:MAfuE/aqagftlM1vj9L5O5Fx85/drK64JCG4RoyCcbO82QsFKw2L9:MAfuE/aqagftlM1vj7OgK64JxqkcbeK9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  dc1d2738ba06e1287d61bab41bdb587f
- Size
  
  1.0MB
- MD5
  
  dc1d2738ba06e1287d61bab41bdb587f
- SHA1
  
  29220b1a6efc6eee9e6691fe09c8ab001ecb07c4
- SHA256
  
  8d14d34bfe71397c4afe1a39bd68139f0d044f21e4cf5eaa43fc8fc15cb74d82
- SHA512
  
  2f056a5ea3adcbf35cca58c820e806718498aadec7bd552c138bb9f4076bc9a959e8412f9a9c5298bff1b9969b675142c52f6f0b4f11c13e6c40e79c8a2d163e
- SSDEEP
  
  24576:MAfuE/aqagftlM1vj9L5O5Fx85/drK64JCG4RoyCcbO82QsFKw2L9:MAfuE/aqagftlM1vj7OgK64JxqkcbeK9
Score

10^/10

xloader ipa8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2