xloader

General

Target

712dbe7efedc036a49def570f28e212b_JaffaCakes118
Size

413KB
Sample

240525-hpegjshh6w
MD5

712dbe7efedc036a49def570f28e212b
SHA1

ca1960d2100d9d3a5f638862b7303bd7c15d253a
SHA256

c6a43c729575d33894b66ed9072add24ba50d9a48646343956f724c2403ae861
SHA512

c4e71a203d0f2ef339f6eb8aec90d84f8cbc859348a97bcc9aeb3f149a63ec841c75c087e28ef6ec814a2f7d5900d8c962fc960bd3de392380d07b0c20f4852a
SSDEEP

6144:pCGXR0S+wGwGwzngfwIjNmc0jzN26OVbDq//7F8pDTwcY/+SJZ3ndqD8D:pByS+mzgfwIjcg6OVbDS/RcdYLdhD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

cvd

Decoy

wanda-dutyfree.net

m399999.com

adultoutopico.com

acappellawebradio.com

geetaisprings.com

californiacredit.repair

view-merchant.review

autoritecenter.com

lke7992.com

carroceriasalchichica.com

shanhaishidai.com

wuyounice.com

ahyingshi.com

eurocrypt.net

zvxhs.info

nxsexyvip.com

suffolkbuildingcontrol.com

sotruemobiledetailing.com

bizsolmx.com

personalidea.net

Targets

- Target
  
  Drawings & Related Specifications.exe
- Size
  
  500KB
- MD5
  
  eb5dd6ea7ec8c4897c3031824637414c
- SHA1
  
  d0064d5dff2613aa21a8229492c2c3149ba7ec1d
- SHA256
  
  370293d95666a952ba140489c797e3c7d82a92cb400e360f7743075aee04ca10
- SHA512
  
  3dfadce944c234dc356961739f528b1a9516a0266d295c90577c506ed73a8693253eabb8f7e231e0f126dfc38039b18c7ddd4ca0c964245c751e54d58615ff00
- SSDEEP
  
  12288:vuQ16pHy86FQNTPmjE79nW31TMgTCimkrDqs9gWmKXsD2XN4:116pHy2NTP99W3Sg2ilT9ynu4
Score

10^/10

xloader cvd loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2