xloader

General

Target

1564f252ee0a595a9fed9790e279e2ba_JaffaCakes118
Size

450KB
Sample

240329-b4pgqseb8s
MD5

1564f252ee0a595a9fed9790e279e2ba
SHA1

37b5dd7c0216ff25f7ceb3454f1dae5c5ef5ce9f
SHA256

4df5e65bd070548174062805ec71cc0c4d737892f777ab35395043038e504fd5
SHA512

9482cb93cfe42d05d3605960274e3cfbf4d6df5a52a91d281c0acdc695437ffb057f655b8c1dfbd0663a2930fac5d6c6391b5c471663296d9f5cc5ec14ecf9ab
SSDEEP

6144:wU/wdfianbTa5st5MeiALm2vn51etMWf+OY3jgzTNpLjdbc+d1ghoGS+nKIOXSdq:ObuCaAq251IMWfojgrWsdGfOOf2t98bs

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gnui

Decoy

himalayanwanderwoods.com

finvi.guru

iphone13promax.show

rpfcomunicacao.com

inemilia.com

blboutiqueexchange.com

sukiller.com

tzwa.net

noemiklein.com

upscalepklptp.xyz

unboxk.com

greatamericanlandworks.com

bataperu.com

estebanacostapeugeot.com

gombc-a02.com

642541.com

13f465.com

jskswj.com

hibar.xyz

eltool.net

Targets

- Target
  
  RG25LGSJ.exe
- Size
  
  722KB
- MD5
  
  1286bb98d40fcfd0628de30f8f5b9499
- SHA1
  
  366ac62da8aed0d425c1913277ae0d4d7a85a951
- SHA256
  
  f6744dd0f12c44cc62ab5c2b58e0c2877d3935d8e1205f39bc540e3a58a88bc1
- SHA512
  
  ae27cd15daebdb5371ef2a93ecb24188160b19d48487d843c5d9ae3c43dc375f9c08283bedfb17142a4f6a5cc69b89042dd208897ab2208b3f18ed7a824f45ac
- SSDEEP
  
  12288:S+MTA2AkKT1IyEfQjixc8RGfOcRetV0TG4+vK+V2:S+MTA2eCcDg/0
Score

10^/10

xloader gnui loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2