xloader

General

Target

f91a66d080744b9e8b946984d6d747c4_JaffaCakes118
Size

960KB
Sample

240419-at2tmsbc59
MD5

f91a66d080744b9e8b946984d6d747c4
SHA1

886580b7e7d7f27135d2c9981770a2a59332e680
SHA256

c6a1a1a68b5faac43930deeab9cd6745bde62869786e21e0681b3dc0973afa80
SHA512

b559c9048de556c45f77e26d4c2f1c7785348b76ae4d5f9957e202a5c9d01e7c68a1a3958aeede45ff427ad741b01fcd15497e67898acfc5176f9ac9aa1e2238
SSDEEP

12288:p1baMm92lXt74Hu+sYq46e++BJETV7MSDPlGRZz/mnk4zQIL7cQGB3gVIZlH3pmB:pBLN4rpaJye9mjs2M

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m6b5

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Targets

- Target
  
  f91a66d080744b9e8b946984d6d747c4_JaffaCakes118
- Size
  
  960KB
- MD5
  
  f91a66d080744b9e8b946984d6d747c4
- SHA1
  
  886580b7e7d7f27135d2c9981770a2a59332e680
- SHA256
  
  c6a1a1a68b5faac43930deeab9cd6745bde62869786e21e0681b3dc0973afa80
- SHA512
  
  b559c9048de556c45f77e26d4c2f1c7785348b76ae4d5f9957e202a5c9d01e7c68a1a3958aeede45ff427ad741b01fcd15497e67898acfc5176f9ac9aa1e2238
- SSDEEP
  
  12288:p1baMm92lXt74Hu+sYq46e++BJETV7MSDPlGRZz/mnk4zQIL7cQGB3gVIZlH3pmB:pBLN4rpaJye9mjs2M
Score

10^/10

xloader zgrat m6b5 loader rat
- Detect ZGRat V1
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2