xloader

General

Target

f6f7c5035c194b349fc4ce2c4f04411f_JaffaCakes118
Size

212KB
Sample

240418-bh9ksaef69
MD5

f6f7c5035c194b349fc4ce2c4f04411f
SHA1

a2a17b51c701f90f2e17a3acb7b235f8110df4dc
SHA256

6bf22d3dad8fea65c751f514871c6cd2913727cbb700ebcfed482f0dcb04e639
SHA512

9212f58ad7d671952e1d1a58011062164903b804f05fc0e86f7fb85862ae7d52f8446a3973cf1a5da5f4cc60a2673a48958b8b1a32972864213eee03121c35f8
SSDEEP

6144:4ycP7AzeJdYWngwBpjRFXdur9dodHtlFh+fd7yXn:4yq7AajYWngIjzIx45h+5y3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

usvr

Decoy

theblockmeatstore.com

drone-moment.com

srsfashionbd.com

kylayagerartwork.com

instagrams.tools

rosenwealth.com

indicraftsvilla.com

rswizard.com

irist.one

pubgclaimx14.com

thegeorgiahomefinder.com

unusualdog.com

kifayatikart.com

methodunit.net

bavarian-luxury.com

17391000.com

ipcsaveday.com

yael-b.com

pasionqueconecta.com

youngsvideography.com

Targets

- Target
  
  ORDER#710665_PDF.exe
- Size
  
  227KB
- MD5
  
  e3f8392aa03280bb36a3dc058e44fca5
- SHA1
  
  2f7efa75f8c1d791007a006bd820a2f735b7fb22
- SHA256
  
  cc0e5224224cd1137d4cdff798462d06a7e5e39e97858aac2ecc3c27b5c30b42
- SHA512
  
  5323da860079bf60e6f96dc6a99f2d50e086279b9563d1c5173ed3d17a02fbffa304be01c5f31e20c35e1d18c2891d00dda888cdaf54aae9e5c29b5381856faa
- SSDEEP
  
  6144:PUd4OmBdYEOOTIPm1+F0lwq/xBQe+UKy9q:CNsvOxPmsWlwq5togq
Score

10^/10

xloader usvr loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2