xloader

General

Target

fec0dae7fa927dff718297148842fb7e_JaffaCakes118
Size

359KB
Sample

240421-h7vaqaed5w
MD5

fec0dae7fa927dff718297148842fb7e
SHA1

d1bf0379d0aa3421b75392cb942d406bad29f82e
SHA256

3dba6300d34cd2fc6744ff6706c1f876d4fd42b3e3ed190dfab317ac3586b4d9
SHA512

04ff56f4f77e72092b963d21d2fbb3e41f6c4dcb53517a221145205c1e103fe2f6738d2f329861818656dfe3ad9f84650bbddb9cbf313fee58b3bf13b83a3bea
SSDEEP

6144:debp3wrnM7tQ3tDdV9z2K6m7BQRTd7UPlfdBzB8mFc1la33jcGbzcAVTMGN:d63wrztDdnz56mNQ95Upbz+GqG46xVD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

eca0

Decoy

azappz.com

ruptiti.com

gewinntaservices.com

skip1-dndasasd.com

frithwtych.com

modularinmobiliaria.com

conwhot.club

drsarahcoxon.com

aplaycasinovhod.com

schaunmonksadv.com

rpm856.com

xn--vhq1km0kx70a.com

motheryer.com

coasttocoastballers.net

imitationdesign.com

newnoname.com

asiyim.com

orient-indonesia.com

rushmoremd.com

tridentking.co.uk

Targets

- Target
  
  CTM_50,000.exe
- Size
  
  324KB
- MD5
  
  0745a91ca11c4c208560564ec24451d7
- SHA1
  
  cd7d14c1b17841b118e4e1f1fc473612654f2f31
- SHA256
  
  4796e12d5a33b3b717b0ddc65286b9de7479e86bc91cc0bdb843722a5b62951b
- SHA512
  
  dfcf69496dd86e8e5d379c530899536a7a64c0ed5b4c05bac8282fee655541ea4d69df80e9d41026d260118825e8e0cbb64e8f8d2fbf0d1e0f868edfe72a5466
- SSDEEP
  
  6144:oBrf0xh3Hfr5YwuLpVtE/qpDVl2HwW429mdix4KRYLCeA8ntOOrdT0y:+rf0P3HD5YQ/qp5UHwWmix4TLCQXrd7
Score

10^/10

xloader eca0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2