xloader

General

Target

5a4d698774dca687006647cf8ae2f74c_JaffaCakes118
Size

343KB
Sample

240719-d37m2a1bjr
MD5

5a4d698774dca687006647cf8ae2f74c
SHA1

94cd9c7a16cdb81e407d6f3b5f86ab7f78f198b2
SHA256

6ffcc0ba3c226b49b67548dc794b8f15ffa4819c71db0141a79e538567b90916
SHA512

464649d25067e9d92d3827a5059930ba3f92cd8585a456361802e99b55acf15993b3d8e96fa34e2e4a535223458e21e0f3c406f3633ee3409a6dbfb524053555
SSDEEP

6144:GJgNxGOhj+Sswa9Y8Vp5YsiTRA0BDw9Aa/zGGrBgdxfPoPq6mJxATu6XY:G+Zj+3rlIzBDYA8zZSIPq6mJxAKQY

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

csw6

Decoy

peterheesbeen.net

siberianheartpinefloors.com

stylishfreaky.com

paradiseengineers.com

mlmjewelry.com

bladerunnerzbarbershop.com

onkenradio.com

customwoodcuttingboards.com

xiaohaiysw.com

wosijm.com

officialstacicarr.com

happythanksgiving.info

neceelinef1bgoldendoodle.com

offthewagonpedaltours.com

sxhwxf.com

terrellauction.com

cupeniss.com

basilstores.com

18fap.net

pinkpiegroup.com

Targets

- Target
  
  5a4d698774dca687006647cf8ae2f74c_JaffaCakes118
- Size
  
  343KB
- MD5
  
  5a4d698774dca687006647cf8ae2f74c
- SHA1
  
  94cd9c7a16cdb81e407d6f3b5f86ab7f78f198b2
- SHA256
  
  6ffcc0ba3c226b49b67548dc794b8f15ffa4819c71db0141a79e538567b90916
- SHA512
  
  464649d25067e9d92d3827a5059930ba3f92cd8585a456361802e99b55acf15993b3d8e96fa34e2e4a535223458e21e0f3c406f3633ee3409a6dbfb524053555
- SSDEEP
  
  6144:GJgNxGOhj+Sswa9Y8Vp5YsiTRA0BDw9Aa/zGGrBgdxfPoPq6mJxATu6XY:G+Zj+3rlIzBDYA8zZSIPq6mJxAKQY
Score

10^/10

xloader csw6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Core1 .NET packer
  Detects packer/loader used by .NET malware.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Core1 .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2