xloader

General

Target

c62a556b445ff8cf1b9e0b038a13137e_JaffaCakes118
Size

344KB
Sample

240405-a116pafg72
MD5

c62a556b445ff8cf1b9e0b038a13137e
SHA1

7fefc1609a4e66d234abb47a1536857317bdb31b
SHA256

4b3af4ebfe94ecb1730c15620080935f619b6592fad681921968f986c030c0c3
SHA512

c372806da30c98b047d46f8e70cce90f93829fe484ff5eb49354bd132a846ff126ea4c7024e5fae8de60c96117d940ea4fe2d6c783c67987354c7eee99c4638e
SSDEEP

6144:RGvSgMkhBRG37a+v4HASv6MqvbQfkjQS3MhZg2+UZ295OiPd9QcEJ4m1x7:FSBk3e/v6MqvGBSo+A29siF3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

Targets

- Target
  
  c62a556b445ff8cf1b9e0b038a13137e_JaffaCakes118
- Size
  
  344KB
- MD5
  
  c62a556b445ff8cf1b9e0b038a13137e
- SHA1
  
  7fefc1609a4e66d234abb47a1536857317bdb31b
- SHA256
  
  4b3af4ebfe94ecb1730c15620080935f619b6592fad681921968f986c030c0c3
- SHA512
  
  c372806da30c98b047d46f8e70cce90f93829fe484ff5eb49354bd132a846ff126ea4c7024e5fae8de60c96117d940ea4fe2d6c783c67987354c7eee99c4638e
- SSDEEP
  
  6144:RGvSgMkhBRG37a+v4HASv6MqvbQfkjQS3MhZg2+UZ295OiPd9QcEJ4m1x7:FSBk3e/v6MqvGBSo+A29siF3
Score

10^/10

xloader ef6c loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2