xloader

General

Target

574c5141a719f2333130cd8b555edb3b_JaffaCakes118
Size

469KB
Sample

240718-n8evba1bpd
MD5

574c5141a719f2333130cd8b555edb3b
SHA1

c63d0ca2ed33f622b2173afa752a54d5b039b590
SHA256

e734c58ad681ed8aa6c5e7a0e49b03ef0e7f7e80518dab602eeeb284b7186b1c
SHA512

d1e0a9cda29655a9dfefb2972a8fa1b6fd25ca70b71ada1d957d6ef18eca7fc46d92f3a969aeccceab81640c5815c89a697e13b5fc8c37442da56d2870173271
SSDEEP

6144:JZtgNERQ+3HwOf4zb02wvMer/slA6S5S8sezeNFDgd5k4/V5qs/bLG0:QESoQntwvMGf6UNQFDOkgqsTz

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g9vg

Decoy

selenebrennan.com

htsfrance.com

monsieurtechno.com

argosy.city

lit-clouds.com

emilio-m.com

crashycraft.net

washmebro.com

1houroflife.com

millershaga.com

newtonpod.com

camopants.net

animator-show.com

qqzome.com

assetacre.com

letsmakeyourchoice.com

gileadpreferences.com

ecomarklifestyle.com

mivaautomotive.com

rattle100.com

Targets

- Target
  
  574c5141a719f2333130cd8b555edb3b_JaffaCakes118
- Size
  
  469KB
- MD5
  
  574c5141a719f2333130cd8b555edb3b
- SHA1
  
  c63d0ca2ed33f622b2173afa752a54d5b039b590
- SHA256
  
  e734c58ad681ed8aa6c5e7a0e49b03ef0e7f7e80518dab602eeeb284b7186b1c
- SHA512
  
  d1e0a9cda29655a9dfefb2972a8fa1b6fd25ca70b71ada1d957d6ef18eca7fc46d92f3a969aeccceab81640c5815c89a697e13b5fc8c37442da56d2870173271
- SSDEEP
  
  6144:JZtgNERQ+3HwOf4zb02wvMer/slA6S5S8sezeNFDgd5k4/V5qs/bLG0:QESoQntwvMGf6UNQFDOkgqsTz
Score

10^/10

xloader g9vg loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2