xloader

General

Target

fbc0a38898145f58ec52b75a6a0d4f58_JaffaCakes118
Size

867KB
Sample

240420-c7mmzsfc4z
MD5

fbc0a38898145f58ec52b75a6a0d4f58
SHA1

0e1b7baa19c708aada04ebe148575996eb5ee7cb
SHA256

7e99dc28bcc8be32fb1477bc6b67da52d67195e1e9ebc9612118a9e180675af7
SHA512

19dc73d78176cae92fa3e6223107a965e72cd54b26ce69cb47b4bc696e67afae4d9a35a927cd75d7df583bf062b5fa129c7d49bf3e565e26167633c91085107a
SSDEEP

12288:bPvDc9F3nC0Py3gAhI3cPtgRBKmSL4NT29PnrpTtQ/wFkXih3cHIy2P5K:bPaK/LS2VnRK/w6wcHh6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ubqk

Decoy

thewanderers.info

nowthinasten.com

salesnewage.com

fzgjx.club

transformationcamp.net

thewaltongroup30a.com

bitdoubler.info

elveronac.com

tabupolitico.com

thecureisweed.com

collegesupermatch.com

bbluedotpanowd.com

joakimrexperience.com

philorise.com

beelippy.com

glitchedcode.com

northwoodsremodeling.com

healrrr.com

precisadiagnostics.com

1crude.com

Targets

- Target
  
  fbc0a38898145f58ec52b75a6a0d4f58_JaffaCakes118
- Size
  
  867KB
- MD5
  
  fbc0a38898145f58ec52b75a6a0d4f58
- SHA1
  
  0e1b7baa19c708aada04ebe148575996eb5ee7cb
- SHA256
  
  7e99dc28bcc8be32fb1477bc6b67da52d67195e1e9ebc9612118a9e180675af7
- SHA512
  
  19dc73d78176cae92fa3e6223107a965e72cd54b26ce69cb47b4bc696e67afae4d9a35a927cd75d7df583bf062b5fa129c7d49bf3e565e26167633c91085107a
- SSDEEP
  
  12288:bPvDc9F3nC0Py3gAhI3cPtgRBKmSL4NT29PnrpTtQ/wFkXih3cHIy2P5K:bPaK/LS2VnRK/w6wcHh6
Score

10^/10

xloader ubqk loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2