xloader

General

Target

26a5cbbf551c2a810792aad03ed4d51b_JaffaCakes118
Size

757KB
Sample

240508-zhhdashb27
MD5

26a5cbbf551c2a810792aad03ed4d51b
SHA1

b509a59df8bcbb441cb8f527c920a37e49521098
SHA256

af164cd974521a1577be7c68ed0babe78e59f94ae13f79777f8565cef148c09f
SHA512

4c40d768a311682b16e8309e8d94216ecb27988f95dbe78645ab7de856c5f78b333ec608a37b21448f6abc0fd4c5976aa7a46aa3adad2423941a8e71fa093ee0
SSDEEP

12288:j4jGha4fxBa4wlDKffkMZvhxgnjeQZbzO/pEDAM3HFQYzPB8:jKlaBa1sMMZvIniOzOhEVQ0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

0tog

Decoy

youronlinedreambusiness.com

smileyefero.com

cakoi.xyz

webhostpm.com

kuralike.com

icfc-lr.com

cosyduck.com

carsmovietheater.com

patchwholesale.com

cdershoushichang.com

hanweiled.com

bestselfietools.com

debatestt.com

elidasimports.com

ancestry-render.net

cxyl968.com

diamantes500.net

yumesouko.xyz

martinezaffordableplumbing.com

idecu.website

Targets

- Target
  
  26a5cbbf551c2a810792aad03ed4d51b_JaffaCakes118
- Size
  
  757KB
- MD5
  
  26a5cbbf551c2a810792aad03ed4d51b
- SHA1
  
  b509a59df8bcbb441cb8f527c920a37e49521098
- SHA256
  
  af164cd974521a1577be7c68ed0babe78e59f94ae13f79777f8565cef148c09f
- SHA512
  
  4c40d768a311682b16e8309e8d94216ecb27988f95dbe78645ab7de856c5f78b333ec608a37b21448f6abc0fd4c5976aa7a46aa3adad2423941a8e71fa093ee0
- SSDEEP
  
  12288:j4jGha4fxBa4wlDKffkMZvhxgnjeQZbzO/pEDAM3HFQYzPB8:jKlaBa1sMMZvIniOzOhEVQ0
Score

10^/10

xloader 0tog loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2