xloader

General

Target

544ece457e19d0f63969651b6a61aa49_JaffaCakes118
Size

416KB
Sample

240518-mw5drsfh25
MD5

544ece457e19d0f63969651b6a61aa49
SHA1

f7564ce804a93ee22d38669a611266eba0449878
SHA256

4761bbde870190a51ffa8598c442af5b834476c02839626eebc85fc21eb94c17
SHA512

0d7ecf3945d798cb577b56e8c5dad906207e484889761e1671a93d1c9b0995897faf8d9058e3e53c4c849a0c019fedf5330317d443ec2d4fbcc7dbac92deb3ea
SSDEEP

12288:zE+nOoXmJLVdEtCDpz3Vw4qOJg8RlKQtSV1Hm:zEJVdEtCDpz3VO4rPKQtSHHm

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

ggb4

Decoy

page-helpdesk-submit37950.com

deathmedical.com

cr20business.com

4469783.com

shoesupweb.com

magallanes.xyz

mayfairfestival.com

obezzarazhivanie-vozduha.pro

discountsstore.store

globejetflights.com

coffeeonestop.com

telemedottawa.com

southwestcri.com

laowuts.com

menwa.online

upintothegame.com

pennypinchersinc.com

luchamosporustednj.com

thirdistheword.com

adonmarket.com

Targets

- Target
  
  544ece457e19d0f63969651b6a61aa49_JaffaCakes118
- Size
  
  416KB
- MD5
  
  544ece457e19d0f63969651b6a61aa49
- SHA1
  
  f7564ce804a93ee22d38669a611266eba0449878
- SHA256
  
  4761bbde870190a51ffa8598c442af5b834476c02839626eebc85fc21eb94c17
- SHA512
  
  0d7ecf3945d798cb577b56e8c5dad906207e484889761e1671a93d1c9b0995897faf8d9058e3e53c4c849a0c019fedf5330317d443ec2d4fbcc7dbac92deb3ea
- SSDEEP
  
  12288:zE+nOoXmJLVdEtCDpz3Vw4qOJg8RlKQtSV1Hm:zEJVdEtCDpz3VO4rPKQtSHHm
Score

10^/10

xloader ggb4 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2