xloader

General

Target

f3a7017cd3bd289fcf75769b73de473d_JaffaCakes118
Size

837KB
Sample

240416-re9pdabh59
MD5

f3a7017cd3bd289fcf75769b73de473d
SHA1

d6361efe1dcaf124118fc1315e081d698815b80f
SHA256

33b5454f7d305d2be3b59aef5cb73077820e63bb6f812358bd5f8a72c17cc5e6
SHA512

344a3d563fb14c1ceece19dde5e73c1bcba41e459f9308503af506cf3895364fe93e5b971d4bc43f302db461d60e7c032ba8f58d2c408cdfa22840d3e1044934
SSDEEP

12288:IYicjeYrA7Z/oR65AXwgFvuSSjImRQucjdhcSsBpnNZAuZcyFXTPp/pFc0b86XzU:IYooR6qg5Xm01BpjZcyFjB/pDBDpW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

adn9

Decoy

suffrage19.com

desmareesmontantes.net

polishchuk-myroslava.com

compro-online.com

leadenhallstreettrustees.com

beixiyb.com

startlite.net

thewavelengthco.com

shop-sign-drive.com

angeliquestidhum.com

kaanins.com

reversemortgageloantexas.com

alveolo.net

everythingwholesalers.com

islacros.digital

bainrix.com

brittanyinbloom.com

zfezx08.com

yongqingfanhuali.com

gypsyjewelint.com

Targets

- Target
  
  f3a7017cd3bd289fcf75769b73de473d_JaffaCakes118
- Size
  
  837KB
- MD5
  
  f3a7017cd3bd289fcf75769b73de473d
- SHA1
  
  d6361efe1dcaf124118fc1315e081d698815b80f
- SHA256
  
  33b5454f7d305d2be3b59aef5cb73077820e63bb6f812358bd5f8a72c17cc5e6
- SHA512
  
  344a3d563fb14c1ceece19dde5e73c1bcba41e459f9308503af506cf3895364fe93e5b971d4bc43f302db461d60e7c032ba8f58d2c408cdfa22840d3e1044934
- SSDEEP
  
  12288:IYicjeYrA7Z/oR65AXwgFvuSSjImRQucjdhcSsBpnNZAuZcyFXTPp/pFc0b86XzU:IYooR6qg5Xm01BpjZcyFjB/pDBDpW
Score

10^/10

xloader adn9 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2