xloader

General

Target

f3df2367a79e7f135a7ddaefb423ae40_JaffaCakes118
Size

229KB
Sample

240416-t1zseaeg97
MD5

f3df2367a79e7f135a7ddaefb423ae40
SHA1

a08be77c9e91a124e251155643086b3a91f0364c
SHA256

0f09b5a5ad2bf792ed543e2b170d969e40591157ed92b5766c3cc3ab7deb2df1
SHA512

7fac3bf55ceecb2c6c81d65485098164de00f977415b349dc198c2ef9145792032b9a27302e2cc1c1c1e7d5d33c9dfeb38d6c530f6d26e5f6e2eb505b0f64244
SSDEEP

6144:r0FCoUQZijcU2cYM7bEp+CyMNtark1pDXPw56x3u:w7UH2cYM7c+C9ZbXPrk

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

Decoy

yow.today

rkdreamcreations.com

etheriumtech.com

stretchwrench.com

kiddiecruise.com

stickforward.com

videocineproduccion.com

roofinginamerica.com

amarillasnuevomexico.com

armfieldmillerripley.com

macyburn.club

lvbaoshan.com

shopshelponline.com

thebunnybrands.com

newsxplor.com

momunani.com

rebelnqueen.com

tusguitarras.com

nexab2b.com

e3office.express

Targets

- Target
  
  f3df2367a79e7f135a7ddaefb423ae40_JaffaCakes118
- Size
  
  229KB
- MD5
  
  f3df2367a79e7f135a7ddaefb423ae40
- SHA1
  
  a08be77c9e91a124e251155643086b3a91f0364c
- SHA256
  
  0f09b5a5ad2bf792ed543e2b170d969e40591157ed92b5766c3cc3ab7deb2df1
- SHA512
  
  7fac3bf55ceecb2c6c81d65485098164de00f977415b349dc198c2ef9145792032b9a27302e2cc1c1c1e7d5d33c9dfeb38d6c530f6d26e5f6e2eb505b0f64244
- SSDEEP
  
  6144:r0FCoUQZijcU2cYM7bEp+CyMNtark1pDXPw56x3u:w7UH2cYM7c+C9ZbXPrk
Score

10^/10

xloader noi6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2