xloader

General

Target

0fa7e8fbae34d439551872a7aa9fbd82_JaffaCakes118
Size

396KB
Sample

240328-zm2mqsha58
MD5

0fa7e8fbae34d439551872a7aa9fbd82
SHA1

f031508962597a71ef21489dd14589e5dd5761e1
SHA256

ae96332ca43b0c594a1c8c81d26c14742eca1c15c290901772bc4ae29c530f29
SHA512

e261527ee11fe28b95e1ea81653208764bae39831837d38bc5f77b199b89a0da26cf31f9987f6deb2b0c0fe3babcd5d9bed621c61fc66308e42b518d18cd77b5
SSDEEP

6144:CnugQQdh9w9+D8rnAtYGnAVivZ0Q3eurGjZOnZt1Z5DqjaS+Y:WugQQdh9w9C8rnQYGAabO6iZGZ5jk

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yjqn

Decoy

ittybittybunnies.com

flordedesierto.com

cum.care

petshomespace.com

verputzarbeit.com

yuvajanmat.com

getlie.com

finanes.xyz

thelazyrando.com

domelite.design

yukinko-takasu.com

pontosmensal.com

maurlinoconstruction.com

getelectronow.com

newmexicocarwrecklawfirm.com

gunnbucks.com

ncsy30.xyz

opsem.info

authorisewallet.com

scchanghe.com

Targets

- Target
  
  0fa7e8fbae34d439551872a7aa9fbd82_JaffaCakes118
- Size
  
  396KB
- MD5
  
  0fa7e8fbae34d439551872a7aa9fbd82
- SHA1
  
  f031508962597a71ef21489dd14589e5dd5761e1
- SHA256
  
  ae96332ca43b0c594a1c8c81d26c14742eca1c15c290901772bc4ae29c530f29
- SHA512
  
  e261527ee11fe28b95e1ea81653208764bae39831837d38bc5f77b199b89a0da26cf31f9987f6deb2b0c0fe3babcd5d9bed621c61fc66308e42b518d18cd77b5
- SSDEEP
  
  6144:CnugQQdh9w9+D8rnAtYGnAVivZ0Q3eurGjZOnZt1Z5DqjaS+Y:WugQQdh9w9C8rnQYGAabO6iZGZ5jk
Score

10^/10

xloader yjqn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2