xloader

General

Target

c5aac4e454e89b83d6e599440a81d089_JaffaCakes118
Size

331KB
Sample

240405-akz9fsee4z
MD5

c5aac4e454e89b83d6e599440a81d089
SHA1

db0eb6681e072e0290e179465bbf0acfb67193b4
SHA256

89b049bc712096512185d1607a9318c074885b2d5b529e0985dc92cdd94d1f51
SHA512

b3f4d78c98c334049b81e85b6a5774daeb83fdde91d981231d6e1d630bb6857dad415a82525591c5fac4f67205f40a3fa8a825ceed9968a6b68ad7ac360978c7
SSDEEP

6144:vKnmJbfuFhi3ddhGzCQjSK96mTgmxnE8vBfR4uhAgSuB/esFVQE9+MkhB:v/2hofh+CQjtF0mxnEQB/AgTB/espnSB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  c5aac4e454e89b83d6e599440a81d089_JaffaCakes118
- Size
  
  331KB
- MD5
  
  c5aac4e454e89b83d6e599440a81d089
- SHA1
  
  db0eb6681e072e0290e179465bbf0acfb67193b4
- SHA256
  
  89b049bc712096512185d1607a9318c074885b2d5b529e0985dc92cdd94d1f51
- SHA512
  
  b3f4d78c98c334049b81e85b6a5774daeb83fdde91d981231d6e1d630bb6857dad415a82525591c5fac4f67205f40a3fa8a825ceed9968a6b68ad7ac360978c7
- SSDEEP
  
  6144:vKnmJbfuFhi3ddhGzCQjSK96mTgmxnE8vBfR4uhAgSuB/esFVQE9+MkhB:v/2hofh+CQjtF0mxnEQB/AgTB/espnSB
Score

10^/10

xloader fqiq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2