xloader

General

Target

fb09930fef88a42136701f65a022b295_JaffaCakes118
Size

522KB
Sample

240419-yg19cadg33
MD5

fb09930fef88a42136701f65a022b295
SHA1

b02fbfa3f79ba09993d018525a5e2384c271d965
SHA256

fd44538306bd2862cfa6b1f7beac43d5736b43ffa070ea5c188573daf564fb00
SHA512

a1132a4c2fb8bba5474faa8f676fb26773c77c70ce59261a36192a69513206450c0a721b6bb109d2458bde567b8f025e620b7afc58d64db2a9509b2bde9cc969
SSDEEP

12288:eEpwL1iOMm8N+r0B8SoFjzYAp3rnFXtATja:p+1i68N+A1mVRrltt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m6b5

Decoy

ixtarbelize.com

pheamal.com

daiyncc.com

staydoubted.com

laagerlitigation.club

sukrantastansakarya.com

esupport.ltd

vetscontracting.net

themuslimlife.coach

salmanairs.com

somatictherapyservices.com

lastminuteminister.com

comunicarbuenosaires.com

kazuya.tech

insightlyservicedev.com

redevelopment38subhashnagar.com

thefutureinvestor.com

simplysu.com

lagu45.com

livingstonpistolpermit.com

Targets

- Target
  
  Inv_7623980.exe
- Size
  
  821KB
- MD5
  
  fd45ab42cffc17209261bff2430c8245
- SHA1
  
  d06143966b8ca02db582f5111fc275844796786f
- SHA256
  
  6afa5e287f69f392b8481a94ebb1729c606a1f1023820e79e942ad40dfe96859
- SHA512
  
  c6326b0d3f029bfe7b9d2cee32b89dee3b46b921af5f342958971d5c5be4e2be6fd9d3ca518b5215f6f0a3572d4f739922f1f7392c67acd1967c42d99145252f
- SSDEEP
  
  12288:vMrP7wwt12QLaX3miWy4hTniOHDA4HnIsNGEG9gfy27ONd+5nDCZ+ug3vI4SeZ91:ErP7ww4V4h2wChgfVu8q7mo5oFCEkv
Score

10^/10

xloader m6b5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2