xloader

General

Target

65f44440d481fe7d8559a1e4303f4070_JaffaCakes118
Size

445KB
Sample

240723-dz82pavhrq
MD5

65f44440d481fe7d8559a1e4303f4070
SHA1

9df52bc586379e05424b4578bb2b76e31627581c
SHA256

9ab3bb93a6d39ab709c9b2369cde749ccbe7f3796c7c3e2fc39aa4715c3bb0fd
SHA512

d24f97fc52beff69bef936c469bb787e1a657dd07a05e1cf6c80ed6c1bd57f0aa63215beed2e7b41d56100655931803c4d87635a831c71c65bdd65689cadac18
SSDEEP

12288:yFda+FdaGCbYQjoiuM3JFyreSP3UNW8jAZnreHTAf:aCbYQjoBM3JQONW80tr

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ivay

Decoy

b4ukid.com

missioncontrol2030.com

chriswhitefoto.com

guepard-marine.com

getlauded.com

jingdonglm.com

clintlove.com

boldstrategicmedia.com

bluebay3dwdmall.com

aishag.com

forexexpoaward.com

basslakedisposal.com

bukannyaterbuai36.com

learntrhc.com

cancunpolo.com

case-cornershop.com

tahiticomplementos.com

dashanzhf.com

wholeholistichealth.com

inass-yassin.com

Targets

- Target
  
  65f44440d481fe7d8559a1e4303f4070_JaffaCakes118
- Size
  
  445KB
- MD5
  
  65f44440d481fe7d8559a1e4303f4070
- SHA1
  
  9df52bc586379e05424b4578bb2b76e31627581c
- SHA256
  
  9ab3bb93a6d39ab709c9b2369cde749ccbe7f3796c7c3e2fc39aa4715c3bb0fd
- SHA512
  
  d24f97fc52beff69bef936c469bb787e1a657dd07a05e1cf6c80ed6c1bd57f0aa63215beed2e7b41d56100655931803c4d87635a831c71c65bdd65689cadac18
- SSDEEP
  
  12288:yFda+FdaGCbYQjoiuM3JFyreSP3UNW8jAZnreHTAf:aCbYQjoBM3JQONW80tr
Score

10^/10

xloader ivay loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Beds Protector Packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2