xloader

General

Target

1320826aad206c73693a5d70e452eb34_JaffaCakes118
Size

375KB
Sample

241004-ndj6jsvfjd
MD5

1320826aad206c73693a5d70e452eb34
SHA1

066433de1be41d2f11e1b0e2abbf9cfd163b5161
SHA256

5d9695ddab357ac379216b90f8c47a6fcd8c68c731dddeac77d5aa515dcbaa5a
SHA512

81bd13c2724b25bbc2acff208365619b23d4bdf4ea7f7db00f25c0b97346bf7b1879f74c04e795eca2072d7678b2f63c8ff0840dc97468afcde695e9a4c937e0
SSDEEP

6144:NokJIphIK9JyC2Tlni13cs8doYhmyF1zd1IUJq8m+yfvGdZ:KkJJK/yC2Tlnrs8do6mWB1HJq8mhfOX

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  1320826aad206c73693a5d70e452eb34_JaffaCakes118
- Size
  
  375KB
- MD5
  
  1320826aad206c73693a5d70e452eb34
- SHA1
  
  066433de1be41d2f11e1b0e2abbf9cfd163b5161
- SHA256
  
  5d9695ddab357ac379216b90f8c47a6fcd8c68c731dddeac77d5aa515dcbaa5a
- SHA512
  
  81bd13c2724b25bbc2acff208365619b23d4bdf4ea7f7db00f25c0b97346bf7b1879f74c04e795eca2072d7678b2f63c8ff0840dc97468afcde695e9a4c937e0
- SSDEEP
  
  6144:NokJIphIK9JyC2Tlni13cs8doYhmyF1zd1IUJq8m+yfvGdZ:KkJJK/yC2Tlnrs8do6mWB1HJq8mhfOX
Score

10^/10

xloader rqe8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2