xloader

General

Target

eee74ecebe1db0d00c91e42c8f9d4291_JaffaCakes118
Size

294KB
Sample

240412-cr862sff3v
MD5

eee74ecebe1db0d00c91e42c8f9d4291
SHA1

cf189ab83818e7ce393e684e35a32523a89bb79b
SHA256

71e6e7d336cab608f2a3f0c6535a2ba1e0b0ec7b505c8f079f6d340f1c28dea8
SHA512

2d20d910d31fa39a929be31bcf222c0922dd989ee3593c223cf0a1ed8c16eb1fd9c03a6e928ed7e2f6b6b908518b87b42404880dde7ec6e80970abc704e1ff5b
SSDEEP

6144:L6IXCyvGniwEKbnsoqoo6tynz5Sdl+23i9IfX71+GWiUlXnCw:TXDvhwZrASynkdQUi9Iv7hW3Cw

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qb4a

Decoy

travelsonabike2.net

eurekaprice.com

bkardd.com

vr893.com

nnsxykj.com

q-p.info

691485.com

magixe.com

frankysfurnituregallery.com

businessloansug.com

rocketcompaniesshady.info

lercoantincenti.com

pelosi4never.com

bide168.com

socialsecuritybonds.com

xn--hy1bj7gtvmh9a15t.com

anjaschaefer.net

wickedfavicon.com

bitesizedstudio.com

ecogiftsuk.com

Targets

- Target
  
  eee74ecebe1db0d00c91e42c8f9d4291_JaffaCakes118
- Size
  
  294KB
- MD5
  
  eee74ecebe1db0d00c91e42c8f9d4291
- SHA1
  
  cf189ab83818e7ce393e684e35a32523a89bb79b
- SHA256
  
  71e6e7d336cab608f2a3f0c6535a2ba1e0b0ec7b505c8f079f6d340f1c28dea8
- SHA512
  
  2d20d910d31fa39a929be31bcf222c0922dd989ee3593c223cf0a1ed8c16eb1fd9c03a6e928ed7e2f6b6b908518b87b42404880dde7ec6e80970abc704e1ff5b
- SSDEEP
  
  6144:L6IXCyvGniwEKbnsoqoo6tynz5Sdl+23i9IfX71+GWiUlXnCw:TXDvhwZrASynkdQUi9Iv7hW3Cw
Score

10^/10

xloader qb4a loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2