xloader

General

Target

2fe634ab1348a94f5a2f8712d8b4ee44_JaffaCakes118
Size

462KB
Sample

240330-bfjatade4w
MD5

2fe634ab1348a94f5a2f8712d8b4ee44
SHA1

1c6e453bc403da0ae1ea75f96ab90cdf86472665
SHA256

9136c283e5029c2f073b706014f6f73b67ead84450267cb5ce0dd26cbcecaa25
SHA512

a91093bfd130fbf50d4de789b82c4acc2588f832736141e35d308ed8e5ae1a0984dab62984f9f683edb771028674dfd11c45ad4ac92131be95acbe4ac77fe92e
SSDEEP

6144:MidoQHF/H1wPkLCG2V8SlX0CbGLWRj1qqBOzGOoa6lMbvDpXA1Nt3EpMkhBnlYB:MidbH1OjJiMrGYCOawQvDW33ESSBna

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  2fe634ab1348a94f5a2f8712d8b4ee44_JaffaCakes118
- Size
  
  462KB
- MD5
  
  2fe634ab1348a94f5a2f8712d8b4ee44
- SHA1
  
  1c6e453bc403da0ae1ea75f96ab90cdf86472665
- SHA256
  
  9136c283e5029c2f073b706014f6f73b67ead84450267cb5ce0dd26cbcecaa25
- SHA512
  
  a91093bfd130fbf50d4de789b82c4acc2588f832736141e35d308ed8e5ae1a0984dab62984f9f683edb771028674dfd11c45ad4ac92131be95acbe4ac77fe92e
- SSDEEP
  
  6144:MidoQHF/H1wPkLCG2V8SlX0CbGLWRj1qqBOzGOoa6lMbvDpXA1Nt3EpMkhBnlYB:MidbH1OjJiMrGYCOawQvDW33ESSBna
Score

10^/10

xloader fqiq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2