xloader

General

Target

f826defd978e74a09d47ad5cbe2a6c93_JaffaCakes118
Size

347KB
Sample

240418-rcf92sgb9w
MD5

f826defd978e74a09d47ad5cbe2a6c93
SHA1

6892b6ebc8301ac535af2391aa0563453082fa4f
SHA256

2aa4e557d70c43b63c4c83dae89a00b09ded7c16317a30cce69d8b44c4ae2c2d
SHA512

44f3e9d07b4b520a5004c11ff903fa2868a423d062fc5f18c7faf0b45343d593db75a36b4585729b95488616a490af1facb66ad98a2d5f061b78021ba9f1c811
SSDEEP

6144:pF49qqKGPBcwqh3SBYA4444444444444BffIq2DPzY1vPT+hn7kg46meJl+Ku:pzvGPOEYdfvEzY56kumeJl+x

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

Decoy

reviewsresolutions.com

binhminhgardenshophouse.com

nebulacom.com

kadhambaristudio.com

viltoom.club

supmomma.com

tjszxddc.com

darlingmemories.com

hyperultrapure.com

vibembrio.com

reallycoolmask.com

cumbukita.com

brian-newby.com

abstractaccessories.com

marykinky.com

minnesotareversemtgloans.com

prasetlement.com

xplpgi.com

xn--gdask-y7a.com

uababaseball.com

Targets

- Target
  
  f826defd978e74a09d47ad5cbe2a6c93_JaffaCakes118
- Size
  
  347KB
- MD5
  
  f826defd978e74a09d47ad5cbe2a6c93
- SHA1
  
  6892b6ebc8301ac535af2391aa0563453082fa4f
- SHA256
  
  2aa4e557d70c43b63c4c83dae89a00b09ded7c16317a30cce69d8b44c4ae2c2d
- SHA512
  
  44f3e9d07b4b520a5004c11ff903fa2868a423d062fc5f18c7faf0b45343d593db75a36b4585729b95488616a490af1facb66ad98a2d5f061b78021ba9f1c811
- SSDEEP
  
  6144:pF49qqKGPBcwqh3SBYA4444444444444BffIq2DPzY1vPT+hn7kg46meJl+Ku:pzvGPOEYdfvEzY56kumeJl+x
Score

10^/10

xloader b6a4 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2