xloader

General

Target

fe93fd7b777639146c4927a698ab4c33_JaffaCakes118
Size

935KB
Sample

240421-ghrymacg36
MD5

fe93fd7b777639146c4927a698ab4c33
SHA1

43d8501440f8df5e5429090f9af6335c6b32c292
SHA256

03122f0024975ef8688129a291f7a5398a8ef02cf65f452daf3bfb2edbb3ae80
SHA512

e6ddc3e452e37f6b69d7066ff8f1b3e4e6eb93f53e64398ef01993fa2d412497189af8f9e085e7c3f58ddc894589bb507ab7909474ebb19447b3d59c6cc02743
SSDEEP

12288:gqaDADB/q7EhGteOdlClsYKWa52SyhvvzhJrOIpPjYeiMSs3p+:gvQ/vQenTW5YvLTCIpHiiE

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

di4p

Decoy

thegeeksbeanie.net

ertugrulefendi.com

avwastemanagement.com

themindfulayurveda.com

jackietalk.com

medicineshome.com

infiniteactuaries.com

brightergreens.com

titchlondon.com

kisuke-jinbocho.com

bloggerpremiumtemplates.com

fixxatag.com

windinder.com

xn--gs-prcision-fbb.com

touteslesmaisons.com

dispute72-paypal.com

redchairsewingroom.com

comparisontech.net

fazedrop.com

tradein-car.com

Targets

- Target
  
  fe93fd7b777639146c4927a698ab4c33_JaffaCakes118
- Size
  
  935KB
- MD5
  
  fe93fd7b777639146c4927a698ab4c33
- SHA1
  
  43d8501440f8df5e5429090f9af6335c6b32c292
- SHA256
  
  03122f0024975ef8688129a291f7a5398a8ef02cf65f452daf3bfb2edbb3ae80
- SHA512
  
  e6ddc3e452e37f6b69d7066ff8f1b3e4e6eb93f53e64398ef01993fa2d412497189af8f9e085e7c3f58ddc894589bb507ab7909474ebb19447b3d59c6cc02743
- SSDEEP
  
  12288:gqaDADB/q7EhGteOdlClsYKWa52SyhvvzhJrOIpPjYeiMSs3p+:gvQ/vQenTW5YvLTCIpHiiE
Score

10^/10

xloader di4p loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2