xloader

General

Target

108d9f901a58b91dea720c89bdaf6424_JaffaCakes118
Size

494KB
Sample

240328-1ddpzshg78
MD5

108d9f901a58b91dea720c89bdaf6424
SHA1

27c84fd7da3576f056d3c216cc1602839b6afaa4
SHA256

7ec1e15224d90dfaf4898e771aa9997de11ad6794dce01f6c7d8b8cf479eb0fa
SHA512

e33be9e7465239f07ffadf9439abe8d12aacab55587f8cf8a7f3e8fa0d64bb76abcfc5b71dbfc7710b871b55145292d6cff89d827e96d413f66d33d7d9b8555d
SSDEEP

12288:zIwKYKwWHGKS8R2jLmgyKlIPoI6sG7I9LKpOjSSbwUw:ZeGtXDyRP6JF7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cuig

Decoy

sofiathinks-elderly.net

lahamicoast.info

2shengman.com

cbsautoplex.com

arcana-candles.com

genrage.com

kukumiou.xyz

thequizerking.com

sonataproductions.com

rebuildgomnmf.xyz

ubcoin.store

yiyouxue.net

firstlifehome.com

mdx-inc.net

gotbn-c01.com

dinobrindes.store

jcm-iso.com

cliente-mais.com

mloujewelry.com

correoversoi.quest

Targets

- Target
  
  108d9f901a58b91dea720c89bdaf6424_JaffaCakes118
- Size
  
  494KB
- MD5
  
  108d9f901a58b91dea720c89bdaf6424
- SHA1
  
  27c84fd7da3576f056d3c216cc1602839b6afaa4
- SHA256
  
  7ec1e15224d90dfaf4898e771aa9997de11ad6794dce01f6c7d8b8cf479eb0fa
- SHA512
  
  e33be9e7465239f07ffadf9439abe8d12aacab55587f8cf8a7f3e8fa0d64bb76abcfc5b71dbfc7710b871b55145292d6cff89d827e96d413f66d33d7d9b8555d
- SSDEEP
  
  12288:zIwKYKwWHGKS8R2jLmgyKlIPoI6sG7I9LKpOjSSbwUw:ZeGtXDyRP6JF7
Score

10^/10

xloader cuig loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2