xloader

General

Target

e6ef3df5d377581da4c454ebb0d5bb40_JaffaCakes118
Size

742KB
Sample

240408-h77wtafa8z
MD5

e6ef3df5d377581da4c454ebb0d5bb40
SHA1

2c6562e7772030f60d40615fa2e7348bf84443fc
SHA256

15ba7bf101ed22090a8ee76d9a2c306a516a99f1c5045f1846fb039b47497148
SHA512

29c86c0d497665908b4e97b3688a23d38234e9349d30be74473cfbf433eaa5923604155fe7a9d8b2e584cb0fd4e4df1c5069f8e274714a8964dd58cc60fed8d7
SSDEEP

12288:cdfAtz2iNeHK7zGde0SlNtuSIkrLc+jllj1KQVaQ1QubiOKDmnS2G+W:cc1bykfaSIkrw4X1KcaQr2US2G+

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q4kr

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  e6ef3df5d377581da4c454ebb0d5bb40_JaffaCakes118
- Size
  
  742KB
- MD5
  
  e6ef3df5d377581da4c454ebb0d5bb40
- SHA1
  
  2c6562e7772030f60d40615fa2e7348bf84443fc
- SHA256
  
  15ba7bf101ed22090a8ee76d9a2c306a516a99f1c5045f1846fb039b47497148
- SHA512
  
  29c86c0d497665908b4e97b3688a23d38234e9349d30be74473cfbf433eaa5923604155fe7a9d8b2e584cb0fd4e4df1c5069f8e274714a8964dd58cc60fed8d7
- SSDEEP
  
  12288:cdfAtz2iNeHK7zGde0SlNtuSIkrLc+jllj1KQVaQ1QubiOKDmnS2G+W:cc1bykfaSIkrw4X1KcaQr2US2G+
Score

10^/10

xloader q4kr loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2