xloader

General

Target

52800ff51815328d40423b05573a6311_JaffaCakes118
Size

607KB
Sample

240717-lzzf9aydrc
MD5

52800ff51815328d40423b05573a6311
SHA1

e919ecce564dadc8cb577f74e224c54820e5f4ed
SHA256

4136247829572b4210102e01bef684b8e5cbc8ebd9d8dc6a87de79ca62a51630
SHA512

e9cae9108feb4a5053b535d9bac35628a5482702b164c8916e2a452fe83818a573ceb69145e2640a9de15814b01ea6f34d645a20f82b5855339e13bbc9450d8e
SSDEEP

12288:OwijcvmXR+nin+nin+nitOiwNODrDZVadZOA8yS57B6urbKGn+niu:OwhOXR+in+in+iMi5DhVQ0ya6urbKW+i

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bw82

Decoy

fundamentaliemef.com

gallerybrows.com

leadeligey.com

octoberx2.online

climaxnovels.com

gdsjgf.com

curateherstories.com

blacksailus.com

yjpps.com

gmobilet.com

fcoins.club

foreverlive2027.com

healthyfifties.com

wmarquezy.com

housebulb.com

thebabyfriendly.com

primajayaintiperkasa.com

learnplaychess.com

chrisbubser.digital

xn--avenr-wsa.com

Targets

- Target
  
  52800ff51815328d40423b05573a6311_JaffaCakes118
- Size
  
  607KB
- MD5
  
  52800ff51815328d40423b05573a6311
- SHA1
  
  e919ecce564dadc8cb577f74e224c54820e5f4ed
- SHA256
  
  4136247829572b4210102e01bef684b8e5cbc8ebd9d8dc6a87de79ca62a51630
- SHA512
  
  e9cae9108feb4a5053b535d9bac35628a5482702b164c8916e2a452fe83818a573ceb69145e2640a9de15814b01ea6f34d645a20f82b5855339e13bbc9450d8e
- SSDEEP
  
  12288:OwijcvmXR+nin+nin+nitOiwNODrDZVadZOA8yS57B6urbKGn+niu:OwhOXR+in+in+iMi5DhVQ0ya6urbKW+i
Score

10^/10

xloader bw82 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2