xloader

General

Target

51dcc89ed1035a6c2fc57ada8dcb4dc2_JaffaCakes118
Size

569KB
Sample

240331-kgv6fagg9w
MD5

51dcc89ed1035a6c2fc57ada8dcb4dc2
SHA1

0e59efbffdd8153c61f20a6039110474c50c20e9
SHA256

092be1f456b0c24d932d6c4e4c44cfd0c9abc6c0418bf1567e67826cb51aef14
SHA512

a485e5a4cfb47867d00bc9ace1848d8859274f0c2987e8b46e53fc7086f1af6e53f92e33a17ac66b782641ca77bd91f56d32f40d952bb4df08920273e5e05fe6
SSDEEP

12288:IQSB6F/pLLbTHFw1WufwltdYYXsOaCnuNQpFINwgNP1:IdBS/lbTHu1WuovdYoayuNrNt

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  51dcc89ed1035a6c2fc57ada8dcb4dc2_JaffaCakes118
- Size
  
  569KB
- MD5
  
  51dcc89ed1035a6c2fc57ada8dcb4dc2
- SHA1
  
  0e59efbffdd8153c61f20a6039110474c50c20e9
- SHA256
  
  092be1f456b0c24d932d6c4e4c44cfd0c9abc6c0418bf1567e67826cb51aef14
- SHA512
  
  a485e5a4cfb47867d00bc9ace1848d8859274f0c2987e8b46e53fc7086f1af6e53f92e33a17ac66b782641ca77bd91f56d32f40d952bb4df08920273e5e05fe6
- SSDEEP
  
  12288:IQSB6F/pLLbTHFw1WufwltdYYXsOaCnuNQpFINwgNP1:IdBS/lbTHu1WuovdYoayuNrNt
Score

10^/10

xloader fqiq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2