xloader

General

Target

f57bb0fe028ef8153ef5f35f49bc4814_JaffaCakes118
Size

704KB
Sample

240417-lm6psscg3x
MD5

f57bb0fe028ef8153ef5f35f49bc4814
SHA1

6097194ce764014cbc95fe96a1b4e2acccd33ab4
SHA256

f6f805093e3fcd072baf272acaa57da57ac20f7e686414a866e215817f4062e8
SHA512

30e2cbdf3628808c5425607bff5abe3888fc4925dd062a3b711ecf45e4424fc1f977ae5336d31c8209e2c979fffca71285643e7a1c3954ee403816fb643163de
SSDEEP

12288:QhJPU97PU9mso3htgYHOsBgo0q4wMsKwgPW1jPFmkxMeFk3orpXd7mPnjC6dvbWC:QhdYHOsBgo0q4wMsTgORgCMEmSXd7mmh

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

- Target
  
  f57bb0fe028ef8153ef5f35f49bc4814_JaffaCakes118
- Size
  
  704KB
- MD5
  
  f57bb0fe028ef8153ef5f35f49bc4814
- SHA1
  
  6097194ce764014cbc95fe96a1b4e2acccd33ab4
- SHA256
  
  f6f805093e3fcd072baf272acaa57da57ac20f7e686414a866e215817f4062e8
- SHA512
  
  30e2cbdf3628808c5425607bff5abe3888fc4925dd062a3b711ecf45e4424fc1f977ae5336d31c8209e2c979fffca71285643e7a1c3954ee403816fb643163de
- SSDEEP
  
  12288:QhJPU97PU9mso3htgYHOsBgo0q4wMsKwgPW1jPFmkxMeFk3orpXd7mPnjC6dvbWC:QhdYHOsBgo0q4wMsTgORgCMEmSXd7mmh
Score

10^/10

xloader p086 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2