xloader

General

Target

0cc094b93ea3fe9dcf1897e41d8ef875_JaffaCakes118
Size

881KB
Sample

241002-2nr6ssvdrc
MD5

0cc094b93ea3fe9dcf1897e41d8ef875
SHA1

26a40e556b826052196a2bcea93d1962ea1a6eaf
SHA256

811745e059225a9d2c1e3a283c2895589f36332a5e90c6cbe3425b841b3b024d
SHA512

c98f2a184be3d15a7dbb3c7d882d3a8848dfd6709e461457ba84170a7ceea558f6494ab73c397144091e1715add5623b611c48078576c44c44a509425898c091
SSDEEP

12288:Y94in3qGaNHEyC9/oR9gy5ZHK7zWQDLDhjiKznNWOoyw1rFYi/tOfeAD7GK:8Pp9AR95SlLDxn0ORw1xYSt7e7GK

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q4kr

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  0cc094b93ea3fe9dcf1897e41d8ef875_JaffaCakes118
- Size
  
  881KB
- MD5
  
  0cc094b93ea3fe9dcf1897e41d8ef875
- SHA1
  
  26a40e556b826052196a2bcea93d1962ea1a6eaf
- SHA256
  
  811745e059225a9d2c1e3a283c2895589f36332a5e90c6cbe3425b841b3b024d
- SHA512
  
  c98f2a184be3d15a7dbb3c7d882d3a8848dfd6709e461457ba84170a7ceea558f6494ab73c397144091e1715add5623b611c48078576c44c44a509425898c091
- SSDEEP
  
  12288:Y94in3qGaNHEyC9/oR9gy5ZHK7zWQDLDhjiKznNWOoyw1rFYi/tOfeAD7GK:8Pp9AR95SlLDxn0ORw1xYSt7e7GK
Score

10^/10

xloader q4kr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2