xloader

General

Target

24265430eaae7752de58d9804a591a00_JaffaCakes118
Size

850KB
Sample

240704-bsmtrsycpg
MD5

24265430eaae7752de58d9804a591a00
SHA1

aba4fe5105387e1d38d70fb4f8dd552091a2461e
SHA256

f802b546f625a38f59067e321db1fda69f28c5a91974f7ba7ebf37360ca37cc9
SHA512

9ba9e4ea6495a996b36d37e7486ed4240ba445ecac41d5d2750b390e87ba98a75efcdfbdc89430dc974e1db669589151dc7df18ad66ba52873196fcb7bf8f53a
SSDEEP

12288:nUhGT/f7DSvWN1JuigLYVlaf+dhKeVnVBAzzv6yRJmPv58gipuhpzP+:fzHSvi7AYaf+dk+gzeUrAJ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gzcj

Decoy

localzhops.com

cfsb114.com

sweetiefilms.com

cyclewatts.com

bubblesportsevent.com

halloween-r-us.com

rcdzsm.com

reelatioens.com

uniquegranitebenefits.com

chainlinkdex.com

topcoolhlist.com

ivy-apps.com

shopmajesticqueendom.com

ddiesels.com

ventajuguetessexuales.online

daylight93245.com

heiyingxitong.com

personalfashion.guru

usadrugfree.com

beyondcareersuccess.com

Targets

- Target
  
  Inquiry 54409880043.exe
- Size
  
  789KB
- MD5
  
  ae7af65b43614259f51d3f713fc89b54
- SHA1
  
  3fa5ab59e08e5f51c705a7786276af656f95dd65
- SHA256
  
  22e417c64cdd2caa8cf900dd1a7174d4db4f9c1097489250a7d8a39fc81f47d9
- SHA512
  
  a9150f369a25857f72758ce6937eefc0d67f990b2c2f1a146e15aa9fb624cbde26b8822953f1dd58a5eb07d6505bc08acfa168438f406fcedadcde38c556d138
- SSDEEP
  
  12288:BUhGT/f7DSvWN1JuigLYVlaf+dhKeVnVBAzzv6yRJmPv58gipuhpzP+:9zHSvi7AYaf+dk+gzeUrAJ
Score

10^/10

xloader gzcj loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2