xloader

General

Target

ffc57d84cdd184d90966b6d0bfd925c3_JaffaCakes118
Size

577KB
Sample

240421-vsmcsafg86
MD5

ffc57d84cdd184d90966b6d0bfd925c3
SHA1

f280979956162f01c8119328df78ce64247ff3da
SHA256

b8fecafb0ea8ed59d3c66ea34f14f25f1354589750fc854ff78c11e10cc3421b
SHA512

550fa6203cb4ef67bea0140681626ba5589f3d5f0a30dc46a7bcd9b4acb0cbef8987b16aeacd8589916418abbd8f229433efed624cda5a4633fe8491a0663676
SSDEEP

12288:XZRR5hRueKeuUMd1oBPIEQq+ePa9Xtz+vTV8+7gSPRqJwA5:X7rKmMsBPINXYTVP7giI++

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u8aa

Decoy

quantexchanges.com

hizliarac.com

dropsdementanovohamburgo.com

tcinsurancegroup.net

byobvendors.com

arteasba.com

azrealtorsmastermind.com

voiceof5aabtv.com

zoom-bloopers.com

jxsenmei.com

interia-poczta.email

coolgiftbaskets.net

magetu.info

weedliberal.com

drsergiocastilloangiologo.com

starinsiderau.com

weightneutralmetflex.com

youxiandian.com

liberation.media

ferrari-news.com

Targets

- Target
  
  Transfer Swift Copy.exe
- Size
  
  528KB
- MD5
  
  0d5bfa60273cf3871c7596b7aa2fc447
- SHA1
  
  451461604085634e62758f142fbca0bdbf12a044
- SHA256
  
  e51b63aacca71c639c6f3b12a6b0eede821c54567125b52a21a0a24ec540d04a
- SHA512
  
  33afea5b2367b0f4a0f222d14d4fe531c8b076ff1c253897b4e69f9a2956637573284cb7433d75e09d6aeb6f1891a3b962672cd7be561f25e0649def528276a2
- SSDEEP
  
  12288:ZhQVh9a17gNm5YnXDdx2OjKhNHySntntjEyjIOm+mmmTIhfCGONcR9Ok:ZhQVh9FDdx2GKzSSt9ZSsmToik
Score

10^/10

xloader u8aa loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2