xloader

General

Target

f84e59e42690ede739531d41ebea3d07_JaffaCakes118
Size

712KB
Sample

240418-sz38rsaa5y
MD5

f84e59e42690ede739531d41ebea3d07
SHA1

03544033cdd8cf9c911e3bad6095da4256495606
SHA256

a42fcf07a49813ee9169d0c3e69fd3b7dd98a2d3316d9861dcc8de4caa7487cd
SHA512

0155f02751e5dd487e4550ae52fb0d1d4e0a205ae1f250920150bdab495e909ccb47b984645d915b37a4aea8f39bcef5ea50c89d8810fc10e99aac842991a9e9
SSDEEP

12288:IFfumitB/fZhhgDweuBiMkk5i5jcQnmQ9AuchIOixdTVIzUUP1AUnzUSM/:IFWXzePuUMkB5jcsmQ9A5jiPWzZ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  f84e59e42690ede739531d41ebea3d07_JaffaCakes118
- Size
  
  712KB
- MD5
  
  f84e59e42690ede739531d41ebea3d07
- SHA1
  
  03544033cdd8cf9c911e3bad6095da4256495606
- SHA256
  
  a42fcf07a49813ee9169d0c3e69fd3b7dd98a2d3316d9861dcc8de4caa7487cd
- SHA512
  
  0155f02751e5dd487e4550ae52fb0d1d4e0a205ae1f250920150bdab495e909ccb47b984645d915b37a4aea8f39bcef5ea50c89d8810fc10e99aac842991a9e9
- SSDEEP
  
  12288:IFfumitB/fZhhgDweuBiMkk5i5jcQnmQ9AuchIOixdTVIzUUP1AUnzUSM/:IFWXzePuUMkB5jcsmQ9A5jiPWzZ
Score

10^/10

xloader n58i loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2