xloader

General

Target

ec16f3d1dca8c3c8366286559ae37eb3_JaffaCakes118
Size

406KB
Sample

240410-1y6lhafg6y
MD5

ec16f3d1dca8c3c8366286559ae37eb3
SHA1

ee17fabc52414bba3fc44576851358a12f15bbd8
SHA256

ede2311b0dc0adf3290cba376e3d855ecd9a59b510107b48b03d30955a092e26
SHA512

2d36c615141cf4e884e8f33e8aa31290ac6a332a86595a35c826066ba518a59643309634b49c5c6707daeb58274d74f278716a9ecaafbfe4215a0354d4f1f717
SSDEEP

6144:WLTfzVyYWrjsCCFu3L4Ny8tyF+h74xTKlXBRkAzoJT6:efzYFBb4VtBhqiOIR

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  ec16f3d1dca8c3c8366286559ae37eb3_JaffaCakes118
- Size
  
  406KB
- MD5
  
  ec16f3d1dca8c3c8366286559ae37eb3
- SHA1
  
  ee17fabc52414bba3fc44576851358a12f15bbd8
- SHA256
  
  ede2311b0dc0adf3290cba376e3d855ecd9a59b510107b48b03d30955a092e26
- SHA512
  
  2d36c615141cf4e884e8f33e8aa31290ac6a332a86595a35c826066ba518a59643309634b49c5c6707daeb58274d74f278716a9ecaafbfe4215a0354d4f1f717
- SSDEEP
  
  6144:WLTfzVyYWrjsCCFu3L4Ny8tyF+h74xTKlXBRkAzoJT6:efzYFBb4VtBhqiOIR
Score

10^/10

xloader rqe8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2