xloader

General

Target

1d2ebab3ed572cc11daf9d4ff90b5e0c_JaffaCakes118
Size

614KB
Sample

240702-bahr4azhld
MD5

1d2ebab3ed572cc11daf9d4ff90b5e0c
SHA1

b3ad1752b059ed8ea2f747ef6c07035c9990aca4
SHA256

c05c2e532b550a79508842fe8f4ab75316c86752bebd912ac84eaed0cdb4ebf4
SHA512

a2c644c5a78307c7f09f6de7dfef5768063918362ae4de8d6760f63679e1f617a7a86149c0f27a43471e818f1bef0d0852df9ee85853e7417d9115dff42ea463
SSDEEP

12288:foNNbQ+X8+UiDLbRHahRyMgtPDwd+0J5rRUqRBEOyMn8oyx:MbQ+X8+UiDLbRHahRiP0d+0PReBKs

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

shjn

Decoy

trendlito.com

myspoiledbytchcreations.com

skinsotight.com

merakii.art

sakina.digital

qumpan.com

juxing666.com

andrewolivercounselling.com

blastaerobics.com

linevshaper.store

legendvacationrentals.com

adna17.com

ingodwetrustdaycare.com

j98066.com

noordinarybusiness.com

pacelicensedelectrician.com

istanbulmadencilik.com

roboscop.com

njhude.com

eaglelures.com

Targets

- Target
  
  1d2ebab3ed572cc11daf9d4ff90b5e0c_JaffaCakes118
- Size
  
  614KB
- MD5
  
  1d2ebab3ed572cc11daf9d4ff90b5e0c
- SHA1
  
  b3ad1752b059ed8ea2f747ef6c07035c9990aca4
- SHA256
  
  c05c2e532b550a79508842fe8f4ab75316c86752bebd912ac84eaed0cdb4ebf4
- SHA512
  
  a2c644c5a78307c7f09f6de7dfef5768063918362ae4de8d6760f63679e1f617a7a86149c0f27a43471e818f1bef0d0852df9ee85853e7417d9115dff42ea463
- SSDEEP
  
  12288:foNNbQ+X8+UiDLbRHahRyMgtPDwd+0J5rRUqRBEOyMn8oyx:MbQ+X8+UiDLbRHahRiP0d+0PReBKs
Score

10^/10

xloader shjn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2