xloader

General

Target

f23ce10beca49b9fb15f9cfda7c47ca9_JaffaCakes118
Size

395KB
Sample

240416-afpl6aca82
MD5

f23ce10beca49b9fb15f9cfda7c47ca9
SHA1

c0d38c1f8a41058c2a5f3b582c131704fdb20fc5
SHA256

9f863c400c0f7ef5153fd38edda4137b13143278de8b06de05b9323e91c974d4
SHA512

1a3259e98deb84af6c1e2b49d53853c4a6753f3c2b68a41520bbfdb082fe9496653e1e5a93749b8ba67c9c1421dddea1d145d204f18c5215faeb7885daf0c9cd
SSDEEP

6144:EtGVUIBxt0Vjt48QPjaVlrBvdKI1l4DH/kYDXhe4gskt9EgrxY:pfBr0VW8YjKP8I1l4DHVDczDG

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b5ce

Decoy

advellerd.xyz

giasuvina.com

arab-xt-pro.com

ahsltu2ua4.com

trasportesemmanuel.com

kissimmeesoccercup.com

studyengland.com

m2volleyballclub.com

shyuehuan.com

elsml.com

blog-x-history.top

coditeu.com

allattachments.net

vigautruc.com

mentication.com

zambiaedu.xyz

filadelfiacenter.com

avlaborsourceinc.info

tameka-stewart.com

studio-cleo.com

Targets

- Target
  
  f23ce10beca49b9fb15f9cfda7c47ca9_JaffaCakes118
- Size
  
  395KB
- MD5
  
  f23ce10beca49b9fb15f9cfda7c47ca9
- SHA1
  
  c0d38c1f8a41058c2a5f3b582c131704fdb20fc5
- SHA256
  
  9f863c400c0f7ef5153fd38edda4137b13143278de8b06de05b9323e91c974d4
- SHA512
  
  1a3259e98deb84af6c1e2b49d53853c4a6753f3c2b68a41520bbfdb082fe9496653e1e5a93749b8ba67c9c1421dddea1d145d204f18c5215faeb7885daf0c9cd
- SSDEEP
  
  6144:EtGVUIBxt0Vjt48QPjaVlrBvdKI1l4DH/kYDXhe4gskt9EgrxY:pfBr0VW8YjKP8I1l4DHVDczDG
Score

10^/10

xloader b5ce loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2