xloader

General

Target

e752ae0abe724829b72a2df162596e66_JaffaCakes118
Size

949KB
Sample

240408-m81lcafg22
MD5

e752ae0abe724829b72a2df162596e66
SHA1

123a9f1b3ef781f53833216bba2f93db069d017f
SHA256

9744a8f624cc86bce830db5caf4a5a8b2263b51f53ca384908b2557e5f9ce99d
SHA512

194ebe2332cc2aa6a177353b19d49749743a94a7145f1b83212b500f490a10cb060700a3fcbd545090c0e4401efd2a0fc23990d6291825880433d5271e415a17
SSDEEP

12288:y/WDc9F3nC0Py3gAhqEJbjJEKuR/pKhAgjqzkI9ymd4txhJrqU3Glk5u1EBbCaj:Q7+hX2zywkxhJrRcOuuC

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  e752ae0abe724829b72a2df162596e66_JaffaCakes118
- Size
  
  949KB
- MD5
  
  e752ae0abe724829b72a2df162596e66
- SHA1
  
  123a9f1b3ef781f53833216bba2f93db069d017f
- SHA256
  
  9744a8f624cc86bce830db5caf4a5a8b2263b51f53ca384908b2557e5f9ce99d
- SHA512
  
  194ebe2332cc2aa6a177353b19d49749743a94a7145f1b83212b500f490a10cb060700a3fcbd545090c0e4401efd2a0fc23990d6291825880433d5271e415a17
- SSDEEP
  
  12288:y/WDc9F3nC0Py3gAhqEJbjJEKuR/pKhAgjqzkI9ymd4txhJrqU3Glk5u1EBbCaj:Q7+hX2zywkxhJrRcOuuC
Score

10^/10

xloader ssee loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2