xloader

General

Target

a3eea48c7d0cd1c1ac13ff3bf81ce5ff_JaffaCakes118
Size

616KB
Sample

240613-fwfl3svgnf
MD5

a3eea48c7d0cd1c1ac13ff3bf81ce5ff
SHA1

d69bed5b1751958cb9bb667539a5c6422f2c1492
SHA256

d0834d9c3b1c362289e0905285aeb0b28490cc5eacb5752080c6553c75d4b00b
SHA512

3a1caf398353daea530c674061be1ecba09a4ff1e8cf8aed73527baf4e7dde3f60a788bd7794faa53a770f21dd386b0dd6aa7199d5d0c7707ea102096bf59a4c
SSDEEP

12288:EfkvTYBcDUiRWshAgd2ptNiNZ9c5mbjCQg2WOesJcaC:Kcjdd2m6sGQ5Wraca

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

agwz

Decoy

organicsifa.com

microlivros.com

kharestudio.com

processautomationsystem.com

359192.com

user-id06783.com

hoopletesonline.com

camrashos.com

xfgyzzm.icu

jjjllcbooking.com

ztouh.info

mynetlfis.info

honeydigi.com

claytelier.com

hbozoom.com

theleftreports.net

drmenelaou.com

ignoringracism.com

querofalardesaude.com

smithysminicharters.com

Targets

- Target
  
  a3eea48c7d0cd1c1ac13ff3bf81ce5ff_JaffaCakes118
- Size
  
  616KB
- MD5
  
  a3eea48c7d0cd1c1ac13ff3bf81ce5ff
- SHA1
  
  d69bed5b1751958cb9bb667539a5c6422f2c1492
- SHA256
  
  d0834d9c3b1c362289e0905285aeb0b28490cc5eacb5752080c6553c75d4b00b
- SHA512
  
  3a1caf398353daea530c674061be1ecba09a4ff1e8cf8aed73527baf4e7dde3f60a788bd7794faa53a770f21dd386b0dd6aa7199d5d0c7707ea102096bf59a4c
- SSDEEP
  
  12288:EfkvTYBcDUiRWshAgd2ptNiNZ9c5mbjCQg2WOesJcaC:Kcjdd2m6sGQ5Wraca
Score

10^/10

xloader agwz loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2