xloader

General

Target

f97387cf1ed097f9f1185ecb8d63d425_JaffaCakes118
Size

418KB
Sample

240419-ehzblaha7z
MD5

f97387cf1ed097f9f1185ecb8d63d425
SHA1

a737798f98adfedab12d1b8161ebfc0db31767da
SHA256

b4bb472d39c592fc4e99ecdd59cc1284255666c72ba5eccc7f5b39780e53141e
SHA512

b8aadb681f1e492bea50f722d34a431c5fb46c32fdb23ca54f5bc43474672dae49ef95d3e3188b739561b6f76c8d05b1ab07d34473da2c3a1dcfff18a866185d
SSDEEP

6144:3LTfaVy5OOu+n20JpbO8yfyV68lyixJQ0KDJNXiTF85rDcp0+DMC:vfalOu+n/U8c50WNCFy3x+QC

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

Decoy

reviewsresolutions.com

binhminhgardenshophouse.com

nebulacom.com

kadhambaristudio.com

viltoom.club

supmomma.com

tjszxddc.com

darlingmemories.com

hyperultrapure.com

vibembrio.com

reallycoolmask.com

cumbukita.com

brian-newby.com

abstractaccessories.com

marykinky.com

minnesotareversemtgloans.com

prasetlement.com

xplpgi.com

xn--gdask-y7a.com

uababaseball.com

Targets

- Target
  
  f97387cf1ed097f9f1185ecb8d63d425_JaffaCakes118
- Size
  
  418KB
- MD5
  
  f97387cf1ed097f9f1185ecb8d63d425
- SHA1
  
  a737798f98adfedab12d1b8161ebfc0db31767da
- SHA256
  
  b4bb472d39c592fc4e99ecdd59cc1284255666c72ba5eccc7f5b39780e53141e
- SHA512
  
  b8aadb681f1e492bea50f722d34a431c5fb46c32fdb23ca54f5bc43474672dae49ef95d3e3188b739561b6f76c8d05b1ab07d34473da2c3a1dcfff18a866185d
- SSDEEP
  
  6144:3LTfaVy5OOu+n20JpbO8yfyV68lyixJQ0KDJNXiTF85rDcp0+DMC:vfalOu+n/U8c50WNCFy3x+QC
Score

10^/10

xloader b6a4 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2