xloader

General

Target

308493a960b7a68197b827df204d8069_JaffaCakes118
Size

367KB
Sample

240709-qgj13axcnf
MD5

308493a960b7a68197b827df204d8069
SHA1

22a2cbaa97cc2d74988669ce5be4edeedda9e165
SHA256

1a01d821aba5fd6eef3b540c9640a6ff19561c36dcf28461d649cb17cc73bab2
SHA512

2d707f719faa8d323fe297e09a9e44be3177f240afb1092b71afd6a64df4a48802da7db2136d2182d6cbb2ffa219e35394957ce227a9fbb579561d94f2698e69
SSDEEP

6144:24vq5hs5I/nc4w0HFmjHhKy6p1khCEkMLMHg8pbRTjTPh8:FC5C58mjHhKy6p1qCEkC8dRPTp8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wme0

Decoy

mobileads.network

smartplumbing.services

hessusmelke.quest

5gbusinessbestservices.com

soniceasy.com

sishikeji.com

streetstock.space

interchimp.com

sassholesentiments.com

lemon6.club

thestogiestore.com

11elevencouture.com

loveimperia.com

firstactrealestate.com

alstonimages.com

mainmanmemories.com

floridavillarealtor.com

selberherrlab.com

jurisfinca.quest

bakercsoncrete.com

Targets

- Target
  
  308493a960b7a68197b827df204d8069_JaffaCakes118
- Size
  
  367KB
- MD5
  
  308493a960b7a68197b827df204d8069
- SHA1
  
  22a2cbaa97cc2d74988669ce5be4edeedda9e165
- SHA256
  
  1a01d821aba5fd6eef3b540c9640a6ff19561c36dcf28461d649cb17cc73bab2
- SHA512
  
  2d707f719faa8d323fe297e09a9e44be3177f240afb1092b71afd6a64df4a48802da7db2136d2182d6cbb2ffa219e35394957ce227a9fbb579561d94f2698e69
- SSDEEP
  
  6144:24vq5hs5I/nc4w0HFmjHhKy6p1khCEkMLMHg8pbRTjTPh8:FC5C58mjHhKy6p1qCEkC8dRPTp8
Score

10^/10

xloader wme0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2