xloader

General

Target

f9bded6d9401144a3485ddd295dc2b7e_JaffaCakes118
Size

763KB
Sample

240419-hl8k8abc53
MD5

f9bded6d9401144a3485ddd295dc2b7e
SHA1

98e4b809cd6fba4205a92679825966bba7e868f1
SHA256

de0204a1139358642d9fb0ceb2a62b58fe7f89cf254509f83c636b9ee2aa25ce
SHA512

3347248054bf8eb3ba194f3485fb0518ed7c220a7adcca59767f546321503e2769c461e4fda26f5027f117c95ec31c31d6b6e15dd7a2e3e4b184b5897440a6ac
SSDEEP

12288:Jbk3u/m4SZ/r4wLhgw3HqtkYjstnVGD42WzwssJIWAyb2VviWsg1KL3s0Oz:59/mDZ/rkyCo8D41zDeiVv1KLcD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qcir

Decoy

bahucharoptical.com

mididis.net

neenaknowsrealestate.com

thenaughtywoodworker.com

blackbackedbusiness.com

softwaremapper.com

kot-lab.net

ceipsanjuanbautista.net

binewsmontgomery.com

truenorthhomeschooling.com

careerbookstore.online

lilycampbellbooks.com

mbhpoetry.com

dropserved.com

fgroupsrilanka.com

theearwitness.com

greenbaycommunitytheater.com

fullscopebackgrounds.com

qzi-iz.com

jilleolk.com

Targets

- Target
  
  f9bded6d9401144a3485ddd295dc2b7e_JaffaCakes118
- Size
  
  763KB
- MD5
  
  f9bded6d9401144a3485ddd295dc2b7e
- SHA1
  
  98e4b809cd6fba4205a92679825966bba7e868f1
- SHA256
  
  de0204a1139358642d9fb0ceb2a62b58fe7f89cf254509f83c636b9ee2aa25ce
- SHA512
  
  3347248054bf8eb3ba194f3485fb0518ed7c220a7adcca59767f546321503e2769c461e4fda26f5027f117c95ec31c31d6b6e15dd7a2e3e4b184b5897440a6ac
- SSDEEP
  
  12288:Jbk3u/m4SZ/r4wLhgw3HqtkYjstnVGD42WzwssJIWAyb2VviWsg1KL3s0Oz:59/mDZ/rkyCo8D41zDeiVv1KLcD
Score

10^/10

xloader qcir loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2