xloader

General

Target

fbf8d032fde86033a87ad7ff1a1eb1be_JaffaCakes118
Size

427KB
Sample

240420-fjr5cahh2z
MD5

fbf8d032fde86033a87ad7ff1a1eb1be
SHA1

f1535897f521a5e82e58dc25ff7f6441bcfe3aa7
SHA256

57fc066ed4b0d7000427e0f9982ca238aa3fe378f307c51a88e8a09423b9c0f2
SHA512

0092dd8ad2b458216c7d6034e3a793404acd75340d656eabb533a2009697f16312cb28fe7f2a929b7fac1b91e12a2fca5f4a1b2342201772b7f54465b9847773
SSDEEP

12288:JgnUVgkue6LsDxcjow6FhJFmVVErWm9EkN0+mZ:IO6L996f9Eku

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pagi

Decoy

makehrworkable.com

sound-wisdom.com

blacts.com

caenantglamping.com

meridiancpas.com

draughtedinn.co.uk

windywoodshc.com

mintmovileplus.com

pubgeventdailylogin.com

thesocialdzr.com

holapv.com

racevc.com

openpula.pro

wepreventstroke.com

autoclosy.com

enginkarabacak.com

15096eec1652.info

buildthefoundation.net

pwilliamberciklaw.com

paramountrevenueadvisors.com

Targets

- Target
  
  PaymentAdvice.exe
- Size
  
  250KB
- MD5
  
  6a9209198711b88b06ed9834692ca1c8
- SHA1
  
  1f25855e8d81f9898689edbfbc0458a862d29663
- SHA256
  
  33d3af05d1fcf28764c48629687647f8a765d4dfccee946a470356366f521387
- SHA512
  
  35142e44c94cd2fceb726ed0ebf5065878bf0a085d3092a6f8e7302033cb885da163a1d8fc61d23f23280257a3f2aacd67add75d0cd949cc55157cbdde169d99
- SSDEEP
  
  3072:svecvGokz8uuewZe4qhkALYf+M2cOaiT62nSxZv1xFddEnkwoJIlePAm1AdV:svNKz8ZFZP6k+htxtSfrw6IRiAX
Score

10^/10

xloader pagi loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2