xloader

General

Target

f977d96c98335083d54f9b9b54fb0cd9_JaffaCakes118
Size

517KB
Sample

240419-ephmeshc5t
MD5

f977d96c98335083d54f9b9b54fb0cd9
SHA1

298da015025154518be5739918956b6b96b91090
SHA256

9c9a99423087bdfd23df04a29984273ba056021ee54e815d2cd85103a9548eff
SHA512

4a339d18aa36a149faecb1d6521008220f33a24177aa27ed4194ff73b57a920ab3b49ec3c2eda787325cad5a554c681fea2cf5603f37e1abaaada82cfc77768d
SSDEEP

6144:7FLHgMkhBmA8L8z14cb5TrJbGAdRkx4wSsOXgMx7Dml3SjK:75SBYgWcJrJBdRkpOXk

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mexq

Decoy

cyebang.com

hcswwsz.com

50003008.com

yfly624.xyz

trungtamhohap.xyz

sotlbb.com

bizhan69.com

brandmty.net

fucibou.xyz

orderinformantmailer.store

nobleminers.com

divinevoid.com

quickappraisal.net

adventuretravelsworld.com

ashainitiativemp.com

ikkbs-a02.com

rd26x.com

goraeda.com

abbastanza.info

andypartridge.photography

Targets

- Target
  
  f977d96c98335083d54f9b9b54fb0cd9_JaffaCakes118
- Size
  
  517KB
- MD5
  
  f977d96c98335083d54f9b9b54fb0cd9
- SHA1
  
  298da015025154518be5739918956b6b96b91090
- SHA256
  
  9c9a99423087bdfd23df04a29984273ba056021ee54e815d2cd85103a9548eff
- SHA512
  
  4a339d18aa36a149faecb1d6521008220f33a24177aa27ed4194ff73b57a920ab3b49ec3c2eda787325cad5a554c681fea2cf5603f37e1abaaada82cfc77768d
- SSDEEP
  
  6144:7FLHgMkhBmA8L8z14cb5TrJbGAdRkx4wSsOXgMx7Dml3SjK:75SBYgWcJrJBdRkpOXk
Score

10^/10

xloader mexq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2