xloader

General

Target

ecb6961afcce09226b552a95c6a563ba_JaffaCakes118
Size

846KB
Sample

240411-flhzfsga5s
MD5

ecb6961afcce09226b552a95c6a563ba
SHA1

a7cd1c0b74b325665e90e9ebee79f8f6f214c683
SHA256

7f0599ad186f76d0d5ae5daf5e713747281b1b631bfef0cb340b2977ed53d253
SHA512

e28fa28fdf87b7a28b4550cd36bfadfdd9fee0ccb6f171f8d7cd38f5e8d68cae3216e125907868c7a743bb3af7ed46996b8108361f05103baba0ec7cb2849b1e
SSDEEP

12288:RmDc9F3nC0Py3gAh/9xqIKujVs3Q27qWx9Uc0obNevohqBDfLD/Xpqlnp/Tjm:RAxoujVWx930Y0cqxZqlnd/m

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ssee

Decoy

portalcanaa.com

korzino.com

dlylms.net

smartearphoneshop.com

olimiloshop.com

auvdigitalstack.com

ydxc.chat

yhk868.com

lifeinthedport.com

self-sciencelabs.com

scandicpack.com

hold-sometimes.xyz

beiputei.com

yourrealtorcoach.com

rxods.com

fundsoption.com

ahlstromclothes.com

ksdieselparts.com

accountmangerford.com

kuwaitlogistic.com

Targets

- Target
  
  ecb6961afcce09226b552a95c6a563ba_JaffaCakes118
- Size
  
  846KB
- MD5
  
  ecb6961afcce09226b552a95c6a563ba
- SHA1
  
  a7cd1c0b74b325665e90e9ebee79f8f6f214c683
- SHA256
  
  7f0599ad186f76d0d5ae5daf5e713747281b1b631bfef0cb340b2977ed53d253
- SHA512
  
  e28fa28fdf87b7a28b4550cd36bfadfdd9fee0ccb6f171f8d7cd38f5e8d68cae3216e125907868c7a743bb3af7ed46996b8108361f05103baba0ec7cb2849b1e
- SSDEEP
  
  12288:RmDc9F3nC0Py3gAh/9xqIKujVs3Q27qWx9Uc0obNevohqBDfLD/Xpqlnp/Tjm:RAxoujVWx930Y0cqxZqlnd/m
Score

10^/10

xloader ssee loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2