xloader

General

Target

2d401eff3fb7e3d78d85727e0235e5c3_JaffaCakes118
Size

1.3MB
Sample

241009-jcdj6athkq
MD5

2d401eff3fb7e3d78d85727e0235e5c3
SHA1

70dfa677d8e1009ad21271b4db00297291cf35d4
SHA256

ab4795f656b54e9388c89d6a4df52747510fa418bdb50aa3bafd7b332ef1ff81
SHA512

ad3f4f6adbba1fd1abfe3b43e4947d0197601ad6fed60557e4f75a01d959a3c33adce76eda19864e782a0cc7d18b02f1e34b191b42af836b78c7b31e108e1188
SSDEEP

12288:5oB0gKu/u5h9MCfKNeSxLL+OGaO2zYGQiOv7pXMsfvA4/Kzt16RDQ6H+Uy1Susr4:u07u/AMCfWNL+J5v7JMsGtKUZZS5R07

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  2d401eff3fb7e3d78d85727e0235e5c3_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  2d401eff3fb7e3d78d85727e0235e5c3
- SHA1
  
  70dfa677d8e1009ad21271b4db00297291cf35d4
- SHA256
  
  ab4795f656b54e9388c89d6a4df52747510fa418bdb50aa3bafd7b332ef1ff81
- SHA512
  
  ad3f4f6adbba1fd1abfe3b43e4947d0197601ad6fed60557e4f75a01d959a3c33adce76eda19864e782a0cc7d18b02f1e34b191b42af836b78c7b31e108e1188
- SSDEEP
  
  12288:5oB0gKu/u5h9MCfKNeSxLL+OGaO2zYGQiOv7pXMsfvA4/Kzt16RDQ6H+Uy1Susr4:u07u/AMCfWNL+J5v7JMsGtKUZZS5R07
Score

10^/10

discovery xloader rqe8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2