xloader

General

Target

d2ca0aeba0c4f86b3713db0c414aa974_JaffaCakes118
Size

569KB
Sample

240405-nvnkasah3y
MD5

d2ca0aeba0c4f86b3713db0c414aa974
SHA1

af480d2576310b067920961824bf77cba332a7b0
SHA256

260472d8397219a6a202a4168b806c0879be49c60cca08fda308adccdd5cb809
SHA512

e32094fdfa402d9cc41b652bdabe99eddfe53cf2b85f4329672736b09e1b5684fac257b1b54c924ce410668d0ea146d4ab4eefb26d05460820882f58a29e2983
SSDEEP

12288:EtAKuv61ZqdAMGxInWGLRayG3YrSQHuwXiiW40EtvPLU2pZV67JYT8ER4YoTy:EtAK31ZXIWG9KIriwXHW6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

huve

Decoy

pamschams.com

uwdvcn.com

dualipaportland.com

figewus.xyz

bashed.xyz

datasdy4d.com

seinvestments-sg.com

karenradunz.com

cartridgeops.com

maxim-llc.com

baldiksa.com

keiko-t.com

fuldencavusoglu.com

j98068.com

rvinar.com

businessmattersie.com

datajobmarket.com

freayabnnd.com

indiecowboy.com

clvwj.com

Targets

- Target
  
  d2ca0aeba0c4f86b3713db0c414aa974_JaffaCakes118
- Size
  
  569KB
- MD5
  
  d2ca0aeba0c4f86b3713db0c414aa974
- SHA1
  
  af480d2576310b067920961824bf77cba332a7b0
- SHA256
  
  260472d8397219a6a202a4168b806c0879be49c60cca08fda308adccdd5cb809
- SHA512
  
  e32094fdfa402d9cc41b652bdabe99eddfe53cf2b85f4329672736b09e1b5684fac257b1b54c924ce410668d0ea146d4ab4eefb26d05460820882f58a29e2983
- SSDEEP
  
  12288:EtAKuv61ZqdAMGxInWGLRayG3YrSQHuwXiiW40EtvPLU2pZV67JYT8ER4YoTy:EtAK31ZXIWG9KIriwXHW6
Score

10^/10

xloader huve loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2