xloader

General

Target

629b3cbb423e7b5b51f23a87b99a92e6_JaffaCakes118
Size

435KB
Sample

240722-kybs5ayera
MD5

629b3cbb423e7b5b51f23a87b99a92e6
SHA1

014c1d1873fbb5f18581b1da3414417bc55a5cc9
SHA256

b63ecc7941b1c62dc98d59344ec81a623276033f889fa43628010fc54030e100
SHA512

4892da02d3262c7a4d781917474fee3cb5b22ed494b670c43cd53429eef0e7a8e7603efb68bd427be34d83037ff7900d79278a0195c5a1c8d3ee68253ad6ad00
SSDEEP

6144:Sr5w4udmLIY3llsUfFUlakZZlXV5VNIFdjSLjD9bHkXauTHmS0e901zp:mWSzbsckakZR5zqduLjpbE/K3d1p

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

h3qo

Decoy

dhflow.com

jyindex.com

ezcleanhandle.com

trungtamcongdong.online

simsprotectionagency.com

easylivemeet.com

blackvikingfashionhouse.com

52banxue.com

girlsinit.com

drhemo.com

freethefarmers.com

velvetrosephotography.com

geometricbotaniclas.com

skyandspirit.com

deltacomunicacao.com

mucademy.com

jaboilfieldsolutions.net

howtowinatblackjacknow.com

anytimegrowth.com

simranluthra.com

Targets

- Target
  
  629b3cbb423e7b5b51f23a87b99a92e6_JaffaCakes118
- Size
  
  435KB
- MD5
  
  629b3cbb423e7b5b51f23a87b99a92e6
- SHA1
  
  014c1d1873fbb5f18581b1da3414417bc55a5cc9
- SHA256
  
  b63ecc7941b1c62dc98d59344ec81a623276033f889fa43628010fc54030e100
- SHA512
  
  4892da02d3262c7a4d781917474fee3cb5b22ed494b670c43cd53429eef0e7a8e7603efb68bd427be34d83037ff7900d79278a0195c5a1c8d3ee68253ad6ad00
- SSDEEP
  
  6144:Sr5w4udmLIY3llsUfFUlakZZlXV5VNIFdjSLjD9bHkXauTHmS0e901zp:mWSzbsckakZR5zqduLjpbE/K3d1p
Score

10^/10

xloader h3qo loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2