xloader

General

Target

fba751eff82d2111736684b45044ed38_JaffaCakes118
Size

804KB
Sample

240420-b595tseb6s
MD5

fba751eff82d2111736684b45044ed38
SHA1

b3727dae5024c3e7f4f11d0bde8df103c815f7e9
SHA256

cf7d85d93de196b42c3efb7909e8304a2d053f11cd3ee987d6dbde1468b323f7
SHA512

113385b0224dab09d0f5041d3ff47833de55b07e97c7350bfb4ff2cbf6a9385fe9451ec9ca09a80800df50f212ea7a32063d3a4b36d1b8afbc81d415f3d1ec9e
SSDEEP

12288:4o6U4KPD48QihhdXBg/nB1LBKxTJtypWqZJyu6Vx+791tWPU62iN:4o6UQ8Qi9XAB1WbkZWnxi0U61

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p6nu

Decoy

oncodelogic.com

hielogram.com

zkioc.com

peercoding.com

justingagnonprivatewealth.com

jubilee-painters.com

palmeyayinevi.net

jetsetstar.com

socialbookmarking.website

pizzasofeight.com

ilinkww.com

keefeandadrienne.com

topconsolidationoffers.com

bbota.com

mytwinklinglights.com

ggr-rules.com

tianlano3.com

scientiagenus.com

shivanisharmagroup.com

humblenbundle.com

Targets

- Target
  
  fba751eff82d2111736684b45044ed38_JaffaCakes118
- Size
  
  804KB
- MD5
  
  fba751eff82d2111736684b45044ed38
- SHA1
  
  b3727dae5024c3e7f4f11d0bde8df103c815f7e9
- SHA256
  
  cf7d85d93de196b42c3efb7909e8304a2d053f11cd3ee987d6dbde1468b323f7
- SHA512
  
  113385b0224dab09d0f5041d3ff47833de55b07e97c7350bfb4ff2cbf6a9385fe9451ec9ca09a80800df50f212ea7a32063d3a4b36d1b8afbc81d415f3d1ec9e
- SSDEEP
  
  12288:4o6U4KPD48QihhdXBg/nB1LBKxTJtypWqZJyu6Vx+791tWPU62iN:4o6UQ8Qi9XAB1WbkZWnxi0U61
Score

10^/10

xloader p6nu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2