xloader

General

Target

ec2f93b390bf003cde1dc7dbb74a4ff2_JaffaCakes118
Size

380KB
Sample

240410-24j55adg78
MD5

ec2f93b390bf003cde1dc7dbb74a4ff2
SHA1

a7b0bf6d61332901a3eb6c8f175c1e2f71cb3689
SHA256

b6a58224bb0fbca5d4a297bdc2237ffd671e5548ebd6d35434ae1196df97f8d9
SHA512

b7ee3516efa1938d398909a4949c5e129eb8fe206501516c96ef7309998707f9af6eafa975be18e900b9be4c67d8db1d7e76147fb352b97d477d824fad67c227
SSDEEP

6144:ZUGnO5j4HaA0vFBur4xeRt/+TKSyMNF5889eZwlqiaTXAbn9Erl6Vkp80sxH30Oa:qdqaA0vFBur4TByMNr/9nzaTXyn9EwVg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qb4a

Decoy

travelsonabike2.net

eurekaprice.com

bkardd.com

vr893.com

nnsxykj.com

q-p.info

691485.com

magixe.com

frankysfurnituregallery.com

businessloansug.com

rocketcompaniesshady.info

lercoantincenti.com

pelosi4never.com

bide168.com

socialsecuritybonds.com

xn--hy1bj7gtvmh9a15t.com

anjaschaefer.net

wickedfavicon.com

bitesizedstudio.com

ecogiftsuk.com

Targets

- Target
  
  ec2f93b390bf003cde1dc7dbb74a4ff2_JaffaCakes118
- Size
  
  380KB
- MD5
  
  ec2f93b390bf003cde1dc7dbb74a4ff2
- SHA1
  
  a7b0bf6d61332901a3eb6c8f175c1e2f71cb3689
- SHA256
  
  b6a58224bb0fbca5d4a297bdc2237ffd671e5548ebd6d35434ae1196df97f8d9
- SHA512
  
  b7ee3516efa1938d398909a4949c5e129eb8fe206501516c96ef7309998707f9af6eafa975be18e900b9be4c67d8db1d7e76147fb352b97d477d824fad67c227
- SSDEEP
  
  6144:ZUGnO5j4HaA0vFBur4xeRt/+TKSyMNF5889eZwlqiaTXAbn9Erl6Vkp80sxH30Oa:qdqaA0vFBur4TByMNr/9nzaTXyn9EwVg
Score

10^/10

xloader qb4a loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2