xloader

General

Target

266bea059e22c1f41f1e52f91085557f_JaffaCakes118
Size

458KB
Sample

240329-tke33acf57
MD5

266bea059e22c1f41f1e52f91085557f
SHA1

f835aead5f6813938c799fbe17dc474195cd1d53
SHA256

baa03fe427a6d7ec2a551e763b3c04ba010b404dedd4291bfdc6c478d848df68
SHA512

a7e7d9ddbac8c25995e2c76d2a3811045c1ff8f6d5a59c261250ed2c74a38c696a2754d7b6d9305df1693175d3934e154e08617307904f182efe3ee025956d37
SSDEEP

6144:EbE6QhiTaF9dCJL9mERt9RGTtKttotRtYDETAH2waf3V1fRdwdbWNArn+fOAlXTZ:E6DyL9pD3HO37fIdbnY6+v5EwQ8S

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gab8

Decoy

amateurfeetworship.com

big-food.biz

metaversevolution.com

profecional-pacasmayo.com

royzoom.com

bekindevolution.com

hokozaki.com

waltersswholesale.com

wayfinderacu.com

schnurrgallery.com

babygearrentals.net

imggtoken.club

24x7x366.com

lakiernictwo.info

les-cours.com

dwticket.com

onarollshades.com

ramireztradepartners.com

safarparfums.com

6ngie.info

Targets

- Target
  
  266bea059e22c1f41f1e52f91085557f_JaffaCakes118
- Size
  
  458KB
- MD5
  
  266bea059e22c1f41f1e52f91085557f
- SHA1
  
  f835aead5f6813938c799fbe17dc474195cd1d53
- SHA256
  
  baa03fe427a6d7ec2a551e763b3c04ba010b404dedd4291bfdc6c478d848df68
- SHA512
  
  a7e7d9ddbac8c25995e2c76d2a3811045c1ff8f6d5a59c261250ed2c74a38c696a2754d7b6d9305df1693175d3934e154e08617307904f182efe3ee025956d37
- SSDEEP
  
  6144:EbE6QhiTaF9dCJL9mERt9RGTtKttotRtYDETAH2waf3V1fRdwdbWNArn+fOAlXTZ:E6DyL9pD3HO37fIdbnY6+v5EwQ8S
Score

10^/10

xloader gab8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2