xloader

General

Target

fd45b4fe49d0e8c38c34fdd1bdad1dda_JaffaCakes118
Size

524KB
Sample

240420-v8rmfadh24
MD5

fd45b4fe49d0e8c38c34fdd1bdad1dda
SHA1

955da56927ee2d3afe02a1cef22d7384fe7066eb
SHA256

5d5aa4f1afaa9dd98bc1317f5b8e190cf21130d465da575fac9d4fbc6b3fb3af
SHA512

dffd9842de31f170c2f6d22cf067ad7f4aacd97011f0d5751071baa9011fcab90a1e6e21c3301241107efbd8b0aa40707dde0e7003082ff41cb08cdfcdc56589
SSDEEP

12288:9E+M7a6xtv2uMblHYqZ8kr6Z+A2skebXul0tGsucD3SB:K+NctvvalY5e6xD30sucDiB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b5ce

Decoy

advellerd.xyz

giasuvina.com

arab-xt-pro.com

ahsltu2ua4.com

trasportesemmanuel.com

kissimmeesoccercup.com

studyengland.com

m2volleyballclub.com

shyuehuan.com

elsml.com

blog-x-history.top

coditeu.com

allattachments.net

vigautruc.com

mentication.com

zambiaedu.xyz

filadelfiacenter.com

avlaborsourceinc.info

tameka-stewart.com

studio-cleo.com

Targets

- Target
  
  fd45b4fe49d0e8c38c34fdd1bdad1dda_JaffaCakes118
- Size
  
  524KB
- MD5
  
  fd45b4fe49d0e8c38c34fdd1bdad1dda
- SHA1
  
  955da56927ee2d3afe02a1cef22d7384fe7066eb
- SHA256
  
  5d5aa4f1afaa9dd98bc1317f5b8e190cf21130d465da575fac9d4fbc6b3fb3af
- SHA512
  
  dffd9842de31f170c2f6d22cf067ad7f4aacd97011f0d5751071baa9011fcab90a1e6e21c3301241107efbd8b0aa40707dde0e7003082ff41cb08cdfcdc56589
- SSDEEP
  
  12288:9E+M7a6xtv2uMblHYqZ8kr6Z+A2skebXul0tGsucD3SB:K+NctvvalY5e6xD30sucDiB
Score

10^/10

xloader b5ce loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2