xloader

General

Target

f8012c68dbfc30b3724d40ddfc39eca4_JaffaCakes118
Size

860KB
Sample

240418-psq33sed2s
MD5

f8012c68dbfc30b3724d40ddfc39eca4
SHA1

130c7691681119b56187104a781c777198708183
SHA256

8151e6031cf57c2b19146881a32fb1fd50b39b6ee5c7cd689c4e2a6216f1433d
SHA512

1394edf09155a3057e22de5ac1082e6d7abce2e6a8530e8a3cb382b87f38bbd4baa93e171f01a1176d1d8829de599034fba8dbf4aaba876628d17816a9bed043
SSDEEP

12288:11Wl8T5+M63xjmeMf3vQY9244jz5X9tPAEAvP:1A24dxYvx4vJvkvP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  f8012c68dbfc30b3724d40ddfc39eca4_JaffaCakes118
- Size
  
  860KB
- MD5
  
  f8012c68dbfc30b3724d40ddfc39eca4
- SHA1
  
  130c7691681119b56187104a781c777198708183
- SHA256
  
  8151e6031cf57c2b19146881a32fb1fd50b39b6ee5c7cd689c4e2a6216f1433d
- SHA512
  
  1394edf09155a3057e22de5ac1082e6d7abce2e6a8530e8a3cb382b87f38bbd4baa93e171f01a1176d1d8829de599034fba8dbf4aaba876628d17816a9bed043
- SSDEEP
  
  12288:11Wl8T5+M63xjmeMf3vQY9244jz5X9tPAEAvP:1A24dxYvx4vJvkvP
Score

10^/10

xloader rqe8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2