xloader

General

Target

4650af5882a76acbb99b4545b37bd54d_JaffaCakes118
Size

481KB
Sample

241015-hf5blszfpa
MD5

4650af5882a76acbb99b4545b37bd54d
SHA1

86aa307ba05607db60f0f43eb9094a04a9e89454
SHA256

c7151fd1d673aaf17c560cf8156f1bf3e6a909bd4a3ac4307edc25fa3bc04b42
SHA512

4d7c35708ef6aaaddb76008e64c56f973214956b920a4d1f8b4818a0d0f85f91e22e35c378fc42f1066f215eb2a79e3beea69559b047401217de4c27a9f94c36
SSDEEP

12288:c+mJL0S8rKgcZrFx4Oi5kThktSlkY9PT/nMmR:YXlHx4Oi5kThktSlkY9TnvR

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qs23

Decoy

alimentosafc.com

noveltyporpak.xyz

fleteszoom.com

crabcompanions.com

metumuskfinance.com

perfectwatch.store

thweddingstory.com

ameliasongsforever.com

enowrecords.com

mywebcrown.com

silianceconseil.com

moodoven.com

generalwholesalestore.com

laguiza.com

gionakpil.com

nftfreemarket.com

astrainconsultora.com

favoritepedia.com

mycprguru.com

estateadmin.services

Targets

- Target
  
  4650af5882a76acbb99b4545b37bd54d_JaffaCakes118
- Size
  
  481KB
- MD5
  
  4650af5882a76acbb99b4545b37bd54d
- SHA1
  
  86aa307ba05607db60f0f43eb9094a04a9e89454
- SHA256
  
  c7151fd1d673aaf17c560cf8156f1bf3e6a909bd4a3ac4307edc25fa3bc04b42
- SHA512
  
  4d7c35708ef6aaaddb76008e64c56f973214956b920a4d1f8b4818a0d0f85f91e22e35c378fc42f1066f215eb2a79e3beea69559b047401217de4c27a9f94c36
- SSDEEP
  
  12288:c+mJL0S8rKgcZrFx4Oi5kThktSlkY9PT/nMmR:YXlHx4Oi5kThktSlkY9TnvR
Score

10^/10

xloader qs23 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2