xloader

General

Target

fe3a974de2555a9e8c8236cc2a65db8a_JaffaCakes118
Size

814KB
Sample

240421-c2eeesgg67
MD5

fe3a974de2555a9e8c8236cc2a65db8a
SHA1

758ae28dac195e3906c1cae63f4e6a5ef80e5c30
SHA256

3a6526bd0319f9cacdfe469a2dcff21576336aee97e6bca996c4753178e4171c
SHA512

9d02a8beb302a58783bfae588dab323ed23e281e0f1e79961382e864c3600df5e326254216d289c9046c72a5eb80b4a307745699b911bdcd4fbdf09fc223a448
SSDEEP

12288:GfWE6MMpp2YQwkf8HRfy6/Cz9/fErzkgdxpZ9mEY9r+5096EPoc40k92a:2af2YEfMR5Sqti9r+U6IoZ0k9v

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

earz

Decoy

halacoupon.com

anthos-labs.com

hagertylabs.net

l1992.com

856379580.xyz

rcbb-technologies.com

realhoggapparel.com

sauceprince.com

tootingcab.com

4chase5.com

ordergogibibimbap.com

nyj.xyz

dermixspa.com

premiergiftingco.com

razorcentric.com

mbrealtyadvisors.com

officialjazz.club

cctv006.com

hbcuatthepolls.info

prestamos-ya.com

Targets

- Target
  
  Payment_Advice MT103_PDF.exe
- Size
  
  1.3MB
- MD5
  
  73697bb26242562cc3b9fde3de369fcb
- SHA1
  
  7551d770c6358c3ec5483e12882a42eacc12e854
- SHA256
  
  6b63415f87f97a86a998a5b78bb16953a25b6a045df9a8593432169ec65bcaaf
- SHA512
  
  f1838d11737b8501b73c4afbe0d5b3fc3bf4ada6dd894985edaf707fc358a9ba24a291407eb1fa15a95a178df886469536e3a3994486d9c9966814851099b2ee
- SSDEEP
  
  24576:wmpZ76DOqfx8Dgyfx8DgM1dUEOePbzE+XsdainTlQwDZD2L:jZ76v58Dgy58DgM1dMeDzgaiHZK
Score

10^/10

xloader earz loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2