xloader

General

Target

f1778e10ebe79d43824716896d407a07_JaffaCakes118
Size

1.2MB
Sample

240415-tqhq5sch7s
MD5

f1778e10ebe79d43824716896d407a07
SHA1

ec03537af042f6fc51b2b6cfb87107e09f22f6a6
SHA256

debf9ef658a9abcc44b0d3e2d4949a2bc5f46d85c4ce44a1ad5c93c329ed62a2
SHA512

a8aaf3167a1f85bb287abb94262231bec92a8ea9817445f411a5f6c81e88eeccb749a74167dc9d8ec9aab31c19bd3926297f8586a3c5e5d89866be371f940d69
SSDEEP

24576:AhOsBgo0q4wMfBmCmTOUd+L6kvXWcr539JcsjEwJQwyRVBT:AYoHMpmCm6Ud+zvXPr539Tj7mwypT

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  f1778e10ebe79d43824716896d407a07_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  f1778e10ebe79d43824716896d407a07
- SHA1
  
  ec03537af042f6fc51b2b6cfb87107e09f22f6a6
- SHA256
  
  debf9ef658a9abcc44b0d3e2d4949a2bc5f46d85c4ce44a1ad5c93c329ed62a2
- SHA512
  
  a8aaf3167a1f85bb287abb94262231bec92a8ea9817445f411a5f6c81e88eeccb749a74167dc9d8ec9aab31c19bd3926297f8586a3c5e5d89866be371f940d69
- SSDEEP
  
  24576:AhOsBgo0q4wMfBmCmTOUd+L6kvXWcr539JcsjEwJQwyRVBT:AYoHMpmCm6Ud+zvXPr539Tj7mwypT
Score

10^/10

xloader rqe8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2