xloader

General

Target

ec9bc7cf247b5824c06b4a44912a9158_JaffaCakes118
Size

709KB
Sample

240411-edwd5sbe86
MD5

ec9bc7cf247b5824c06b4a44912a9158
SHA1

39da546e066a3e83b9d9c18a942cb18690868320
SHA256

8f20faa7f6518392ef652a0bde4cd71a1f693b08d633a6b116e1da4b8b9122f8
SHA512

1f002d5618bdf5693df9177007a0446a76255720834b2a4acafae5b42ae86df2642a6be33b00508d51d688e8901241d1fbf20b1b01dd1461f4267124805cc763
SSDEEP

12288:S5vxdHRnttFPo7JvYxADAg8gc/WRB2qEsIpMcMGFGocE6cHL01lWvGPP7r9r/+pj:StxdxttBoJH7JEnWcM6c1q

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bqt25

Decoy

whatsappplusdownloads.com

jewelform.net

clubscoral.net

thelaundering.com

blankedlabel.com

tattlecoin.com

tremdoxnigeria.com

ows-weiden.club

dabanse.com

dallascrier.com

putrareload.com

univisionghana.com

jzvmp3.com

milkman.land

moxlove.com

aarna-homes.com

kuaijiksw.com

dienmaysanh.com

inventaire-pi-archi.com

polycompo.info

Targets

- Target
  
  ec9bc7cf247b5824c06b4a44912a9158_JaffaCakes118
- Size
  
  709KB
- MD5
  
  ec9bc7cf247b5824c06b4a44912a9158
- SHA1
  
  39da546e066a3e83b9d9c18a942cb18690868320
- SHA256
  
  8f20faa7f6518392ef652a0bde4cd71a1f693b08d633a6b116e1da4b8b9122f8
- SHA512
  
  1f002d5618bdf5693df9177007a0446a76255720834b2a4acafae5b42ae86df2642a6be33b00508d51d688e8901241d1fbf20b1b01dd1461f4267124805cc763
- SSDEEP
  
  12288:S5vxdHRnttFPo7JvYxADAg8gc/WRB2qEsIpMcMGFGocE6cHL01lWvGPP7r9r/+pj:StxdxttBoJH7JEnWcM6c1q
Score

10^/10

xloader bqt25 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2