xloader

General

Target

ee3212d883ce63ef05b936dbedb4b70b_JaffaCakes118
Size

1.4MB
Sample

240411-yew7lsee3s
MD5

ee3212d883ce63ef05b936dbedb4b70b
SHA1

f6994267c906b26fe349ee6207c20ef6b9d8ca80
SHA256

2c336827adde412195111c70897fbf8def2d970e22e3a036d83640bacff81b3d
SHA512

c669615650c4e0268c0d838f165176065729e99a7266a668d1c4fc6b8bd4ae10ee461a4de0ad08d970b1b7049dc56cbde60eb3af0b9480a1e723f7d43a8843da
SSDEEP

24576:5W/S/d3wYdkRToVXytvRDsz+VTY6VKKmwRGPoN7vdiTbnFMd:XFXytvZ9VKKm/PoiMd

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ubqx

Decoy

missingounces.com

lanjay.com

whizbets.com

maltaprefix.icu

vmatranslations.com

nuno-hh.com

dxcsmm.com

maxirnintegrated.com

jpavwa.com

shieldsvalleyrancher.com

chennaimarketplace.store

onlineordersecrets.com

missysluxuryhairbundles.com

olmtopst.info

abcbooch.com

aycarcarrental.com

firsttexassubaru.com

lessstuffmorestory.com

nassausbestroofers.com

j976.net

Targets

- Target
  
  ee3212d883ce63ef05b936dbedb4b70b_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  ee3212d883ce63ef05b936dbedb4b70b
- SHA1
  
  f6994267c906b26fe349ee6207c20ef6b9d8ca80
- SHA256
  
  2c336827adde412195111c70897fbf8def2d970e22e3a036d83640bacff81b3d
- SHA512
  
  c669615650c4e0268c0d838f165176065729e99a7266a668d1c4fc6b8bd4ae10ee461a4de0ad08d970b1b7049dc56cbde60eb3af0b9480a1e723f7d43a8843da
- SSDEEP
  
  24576:5W/S/d3wYdkRToVXytvRDsz+VTY6VKKmwRGPoN7vdiTbnFMd:XFXytvZ9VKKm/PoiMd
Score

10^/10

xloader ubqx loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2