xloader

General

Target

f5e8a440c4d1c017b4a8dfc2bed4608f_JaffaCakes118
Size

224KB
Sample

240417-qz519abf8s
MD5

f5e8a440c4d1c017b4a8dfc2bed4608f
SHA1

5d2b844eeadae6958d46b02ab2615e174b58dbbe
SHA256

52f806c63abcb56facb2b2e12e9df8b142a08d9f35d55923f68cf9681cbdd7cf
SHA512

bd992f4268151bebf01777036d556815357a1e90280206d24b1dc51a400dd45c8336502ba40cddb3bbf3c44f06327fc4e390faa67adc54f62c881c2c3d555d17
SSDEEP

3072:ArSthTTTTTTTTTTTTTbeOB2f1Gb6l3bVMSgu2jmnd1CqsSL/omlT5uhCRKRe4TBo:gcVemEX0SgBmeq1wmqh7MxNKJcNnmW

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

- Target
  
  f5e8a440c4d1c017b4a8dfc2bed4608f_JaffaCakes118
- Size
  
  224KB
- MD5
  
  f5e8a440c4d1c017b4a8dfc2bed4608f
- SHA1
  
  5d2b844eeadae6958d46b02ab2615e174b58dbbe
- SHA256
  
  52f806c63abcb56facb2b2e12e9df8b142a08d9f35d55923f68cf9681cbdd7cf
- SHA512
  
  bd992f4268151bebf01777036d556815357a1e90280206d24b1dc51a400dd45c8336502ba40cddb3bbf3c44f06327fc4e390faa67adc54f62c881c2c3d555d17
- SSDEEP
  
  3072:ArSthTTTTTTTTTTTTTbeOB2f1Gb6l3bVMSgu2jmnd1CqsSL/omlT5uhCRKRe4TBo:gcVemEX0SgBmeq1wmqh7MxNKJcNnmW
Score

10^/10

xloader p086 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2