xloader

General

Target

3032632f0a00a33817224cb306b18795_JaffaCakes118
Size

325KB
Sample

240510-vwnd9agf7y
MD5

3032632f0a00a33817224cb306b18795
SHA1

03af6f9714444e6ab41949e67d05cfdfbb0b3faa
SHA256

1c25b56211f31c6b5b12f3f2f108fcbe15095a815475bc1601a80222b1d4b220
SHA512

7196af265617655f6ed60cf51e79d9b671793bd12d17aeb024c7220075fd01e7730bacd8d07236be17537bddf460a5e33532307a6cd6c92b16067e71a7952800
SSDEEP

6144:PZVDcH77hl6sxVoVnwLboDKMv3/NUOdUPUV:PnIHvv5UVwLMD73/NUOdUMV

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

bs85

Decoy

needcoupon.net

studio-nock.com

gladiadorcalistenia.com

proctaur.com

motemo.com

jackedhammerfitness.com

monkeysinthesky.com

milagrotacosandcantina.com

buddyresort.com

liaocheng8.xyz

vegauitdeoven.com

henriquezelectric.net

mxzc365.com

eneeds.net

elementsbuy.com

klinaton.com

choicescapes.net

waveadmit.guru

lakehoustonrugby.com

office-by-experts.com

Targets

- Target
  
  3032632f0a00a33817224cb306b18795_JaffaCakes118
- Size
  
  325KB
- MD5
  
  3032632f0a00a33817224cb306b18795
- SHA1
  
  03af6f9714444e6ab41949e67d05cfdfbb0b3faa
- SHA256
  
  1c25b56211f31c6b5b12f3f2f108fcbe15095a815475bc1601a80222b1d4b220
- SHA512
  
  7196af265617655f6ed60cf51e79d9b671793bd12d17aeb024c7220075fd01e7730bacd8d07236be17537bddf460a5e33532307a6cd6c92b16067e71a7952800
- SSDEEP
  
  6144:PZVDcH77hl6sxVoVnwLboDKMv3/NUOdUPUV:PnIHvv5UVwLMD73/NUOdUMV
Score

10^/10

xloader zgrat bs85 loader rat
- Detect ZGRat V1
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2