xloader

General

Target

ffc988ffa94c00b1df35c93df5656097_JaffaCakes118
Size

429KB
Sample

240421-vyx2gagc7v
MD5

ffc988ffa94c00b1df35c93df5656097
SHA1

0c5cc4c1393dfdb09d78cbf3cb6d2a639963e29a
SHA256

bec27130e133afdcfe5a436da5d210e96caadb8a922295caa36ac69a42d14fd9
SHA512

a89fb1e92a027b0fcf6e7660ac6ca11e6e14b2ad166eabd464d4895cf7d409c3798fc2737e63102213f297f42138bdc00635c8266ec133eaa5b9797a4490c1db
SSDEEP

12288:wUi2iN9liiu9k/5XNA57ALTCGz5Qx/TWaM:wUi1A45NA57yTCGz2x/Tw

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mjyv

Decoy

wenyuexuan.com

tropicaldepression.info

healthylifefit.com

reemletenleafy.com

jmrrve.com

mabduh.com

esomvw.com

selfcaresereneneness.com

murdabudz.com

meinemail.online

brandqrcodes.com

live-in-pflege.com

nickrecovery.com

ziototoristorante.com

chatcure.com

corlora.com

localagentlab.com

yogo7.net

krveop.com

heianswer.xyz

Targets

- Target
  
  ffc988ffa94c00b1df35c93df5656097_JaffaCakes118
- Size
  
  429KB
- MD5
  
  ffc988ffa94c00b1df35c93df5656097
- SHA1
  
  0c5cc4c1393dfdb09d78cbf3cb6d2a639963e29a
- SHA256
  
  bec27130e133afdcfe5a436da5d210e96caadb8a922295caa36ac69a42d14fd9
- SHA512
  
  a89fb1e92a027b0fcf6e7660ac6ca11e6e14b2ad166eabd464d4895cf7d409c3798fc2737e63102213f297f42138bdc00635c8266ec133eaa5b9797a4490c1db
- SSDEEP
  
  12288:wUi2iN9liiu9k/5XNA57ALTCGz5Qx/TWaM:wUi1A45NA57yTCGz2x/Tw
Score

10^/10

xloader mjyv loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2