xloader

General

Target

2f89d68a23b1a9eed55a6dc0565549f1_JaffaCakes118
Size

455KB
Sample

240709-jq8mfstcql
MD5

2f89d68a23b1a9eed55a6dc0565549f1
SHA1

8f34ff1749aa25483341e22eedd867565a33b0b1
SHA256

6b043d0032718af4354f8af36a1f97dd236a0026011215f8674c623ac5a66697
SHA512

b2388d6952c06c9dea5ba1f6c4180072107ca467a5d8cbe8e5ffa90706dc8c477cc80d9964abd9450dd5af34711396f53410b07bb758d62c4d1b0c637d4aebb1
SSDEEP

12288:faGNY/D1RGxGOs+baytUqTdQT5gkP0gUbp9n5sEOL1kqb1gMa:9NY+bDYCk1Ubp9n5sEUhz

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

vpz6

Decoy

upscalejob.com

gzjy138.com

sexyyin.com

lapptv.com

joinplshere.com

cheapwatchband.com

bostonm.info

dschazy.com

pleetly.com

lamaradas.com

preventroofcollapse.com

richmondparents.com

elegantoshop.com

alabamasgulfcoast.info

asiastreetballleague.com

medinaprojectconstruction.com

theramone.com

findhydraulicparts.com

wzqp5.com

toppickaustralia.com

Targets

- Target
  
  2f89d68a23b1a9eed55a6dc0565549f1_JaffaCakes118
- Size
  
  455KB
- MD5
  
  2f89d68a23b1a9eed55a6dc0565549f1
- SHA1
  
  8f34ff1749aa25483341e22eedd867565a33b0b1
- SHA256
  
  6b043d0032718af4354f8af36a1f97dd236a0026011215f8674c623ac5a66697
- SHA512
  
  b2388d6952c06c9dea5ba1f6c4180072107ca467a5d8cbe8e5ffa90706dc8c477cc80d9964abd9450dd5af34711396f53410b07bb758d62c4d1b0c637d4aebb1
- SSDEEP
  
  12288:faGNY/D1RGxGOs+baytUqTdQT5gkP0gUbp9n5sEOL1kqb1gMa:9NY+bDYCk1Ubp9n5sEUhz
Score

10^/10

xloader vpz6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2