xloader

General

Target

fd84eb337a51966294ba08722170bf46_JaffaCakes118
Size

1014KB
Sample

240420-ync54aha4v
MD5

fd84eb337a51966294ba08722170bf46
SHA1

1f529d60e2dc50deaac59af322708039da33c3be
SHA256

8da806444010084307c77bf3a69f66ca36c15920bd7b9f60fdcf35fccd460701
SHA512

a522ba8c6daddbf69f711ef859c7e8fb79e2ab00372e6626af9119d82ef8cf22b0e2ebcc1897cd88810be5ee01b11e0950dbf0853ceb630de3e916ac3bacd847
SSDEEP

12288:rFhlsU1cTDO+emag5IFyPK7yMmeP1vwdyAook1GZEUFA1Vk82C867LiuNyxv2AdU:rFhlXcOyeL3JStX+PbLk2QHQ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p6f2

Decoy

redsnews.com

vr859.com

postmasterstudios.com

hampsteadorganizer.com

hangshop.net

maheshwaramlawcollege.com

5156087.com

gtaaddict.com

faj.xyz

drivechicagoillinois.com

neerutech.com

b2brahmas.com

freshlookks.com

propertyparallel.tech

tlwbyads.com

sellektorkids.com

dexs.fyi

kileybrock.com

nervstudio.com

tosg-ltd.com

Targets

- Target
  
  fd84eb337a51966294ba08722170bf46_JaffaCakes118
- Size
  
  1014KB
- MD5
  
  fd84eb337a51966294ba08722170bf46
- SHA1
  
  1f529d60e2dc50deaac59af322708039da33c3be
- SHA256
  
  8da806444010084307c77bf3a69f66ca36c15920bd7b9f60fdcf35fccd460701
- SHA512
  
  a522ba8c6daddbf69f711ef859c7e8fb79e2ab00372e6626af9119d82ef8cf22b0e2ebcc1897cd88810be5ee01b11e0950dbf0853ceb630de3e916ac3bacd847
- SSDEEP
  
  12288:rFhlsU1cTDO+emag5IFyPK7yMmeP1vwdyAook1GZEUFA1Vk82C867LiuNyxv2AdU:rFhlXcOyeL3JStX+PbLk2QHQ
Score

10^/10

xloader zgrat p6f2 loader rat
- Detect ZGRat V1
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2