xloader | c85eab78147f680f396925b005564604d84bcff97fec4bfb27e13071e791d985 | Triage

Sharing

General

Target

1fd9cebb62fdfd2ee9533e35a6d14aa3_JaffaCakes118
Size

1006KB
Sample

241008-f9x4aavfmh
MD5

1fd9cebb62fdfd2ee9533e35a6d14aa3
SHA1

d43f787cf9f8c5588f6c267d3983ca5ecf6acc88
SHA256

c85eab78147f680f396925b005564604d84bcff97fec4bfb27e13071e791d985
SHA512

cc965a63a729e0be816c646155ebf201464b6d40362c9eccdab53a3653c361c829069b354f9e38dd24ac2b89ec52c7f733b825e74d45c34ec8b5588065888088
SSDEEP

12288:oErs4ma/bma0cxKGU2fBCRKzPARKhpwAyxRD7U4qZ2vEVBhUSB:o3XaiC/ZCAjAcwAADTqZ2vEVBhU

Score

10^/10

xloader q4kr discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q4kr

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  1fd9cebb62fdfd2ee9533e35a6d14aa3_JaffaCakes118
- Size
  
  1006KB
- MD5
  
  1fd9cebb62fdfd2ee9533e35a6d14aa3
- SHA1
  
  d43f787cf9f8c5588f6c267d3983ca5ecf6acc88
- SHA256
  
  c85eab78147f680f396925b005564604d84bcff97fec4bfb27e13071e791d985
- SHA512
  
  cc965a63a729e0be816c646155ebf201464b6d40362c9eccdab53a3653c361c829069b354f9e38dd24ac2b89ec52c7f733b825e74d45c34ec8b5588065888088
- SSDEEP
  
  12288:oErs4ma/bma0cxKGU2fBCRKzPARKhpwAyxRD7U4qZ2vEVBhUSB:o3XaiC/ZCAjAcwAADTqZ2vEVBhU
Score

10^/10

xloader q4kr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderq4krdiscoveryloaderrat

behavioral2

xloaderq4krdiscoveryloaderrat