xloader

General

Target

fd30d28fcbcb1355343d594752b78772_JaffaCakes118
Size

345KB
Sample

240420-vdg5hsde2v
MD5

fd30d28fcbcb1355343d594752b78772
SHA1

33cb0811591d84b68ce5cb07e1050e4dea0ce6cf
SHA256

d00f87049fb2c7cbbf506ca2361e8295fe06926f17e1d2c16cfe3e88a2902f5a
SHA512

5367ea6f2fea98f3942abc25b0c628d34443280f90eeae3d22d10686b428113237dd5708160ee5c790dc12c14a3a5b3505afc2c143d1392b93949cf3749e0f6b
SSDEEP

6144:5CU7yTJH63y+Ah44w19QG3pLKSiUZrNVfs8V:oU7sOp4nS9QuNN2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

iq3g

Decoy

itbcx.com

katielegget.com

myneighorsbasement.com

charts.wiki

toricolucci.com

ntlichengmodel.com

onsaleja.com

nailsbyleentje.com

freya-lux.com

moodyblack.com

mseoljaehwi.com

successfulsend.com

dr-roach.com

nargilegalerisi.com

animalhoney.com

indiarankers.com

botcantaysitokata.club

okinawakurashinavi.com

ceev-japan.com

shsqyy.com

Targets

- Target
  
  fd30d28fcbcb1355343d594752b78772_JaffaCakes118
- Size
  
  345KB
- MD5
  
  fd30d28fcbcb1355343d594752b78772
- SHA1
  
  33cb0811591d84b68ce5cb07e1050e4dea0ce6cf
- SHA256
  
  d00f87049fb2c7cbbf506ca2361e8295fe06926f17e1d2c16cfe3e88a2902f5a
- SHA512
  
  5367ea6f2fea98f3942abc25b0c628d34443280f90eeae3d22d10686b428113237dd5708160ee5c790dc12c14a3a5b3505afc2c143d1392b93949cf3749e0f6b
- SSDEEP
  
  6144:5CU7yTJH63y+Ah44w19QG3pLKSiUZrNVfs8V:oU7sOp4nS9QuNN2
Score

10^/10

xloader iq3g loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2