xloader

General

Target

298f335fb83ec9f3d871df0ff414914d_JaffaCakes118
Size

2.5MB
Sample

240706-28qhpsyfka
MD5

298f335fb83ec9f3d871df0ff414914d
SHA1

b09daf5332f95bbc5cdeead058a608eb3dee166e
SHA256

6ce582d52ebd7ea92fd6eabf92c52324ce4c4048d79f1f6e33a182e1faeef9b0
SHA512

04b17579fdfccbda1d73538fe9abb70dabc47c48d339c8056ecdd06c5f8e95615eb0d22c86090545133944e21ca5d6c95a0f84f59ebe108e0279525b0f55a3aa
SSDEEP

49152:BzoZ0ajbQzlq5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgGX:BEX0zlC6mJ98B1YeQ1a7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

h8ak

Decoy

architeizer.com

alexandersolis.com

szbtdz.com

escort-1.com

hpmsloans.com

thegunshopinc.net

cafexingon.com

logic3dprinting.com

fdklfkeoifdkle.com

bostonm.info

modernslp.com

hensai-db.com

dousum.com

ledivir.club

daohongguoji.com

wateradjusters.com

casaschollo.com

harris.place

platformvictor.com

worldhustlesummit.com

Targets

- Target
  
  298f335fb83ec9f3d871df0ff414914d_JaffaCakes118
- Size
  
  2.5MB
- MD5
  
  298f335fb83ec9f3d871df0ff414914d
- SHA1
  
  b09daf5332f95bbc5cdeead058a608eb3dee166e
- SHA256
  
  6ce582d52ebd7ea92fd6eabf92c52324ce4c4048d79f1f6e33a182e1faeef9b0
- SHA512
  
  04b17579fdfccbda1d73538fe9abb70dabc47c48d339c8056ecdd06c5f8e95615eb0d22c86090545133944e21ca5d6c95a0f84f59ebe108e0279525b0f55a3aa
- SSDEEP
  
  49152:BzoZ0ajbQzlq5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgGX:BEX0zlC6mJ98B1YeQ1a7
Score

10^/10

xloader h8ak loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Beds Protector Packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2