xloader

General

Target

e7ab9bade805055ba06243ba8123934608aa7b35e13fc823b8f88bc42c74ebd5
Size

400KB
Sample

241121-yzpchawpgv
MD5

6b3ea5eee8c2ffc1c6f014f0865cfbf1
SHA1

c5ab9745b98e94c6608f19c37565c7f1cc32a984
SHA256

e7ab9bade805055ba06243ba8123934608aa7b35e13fc823b8f88bc42c74ebd5
SHA512

f4a71d6e54d1797186ddcddf0156d153f1487463a803f0a3eed333b566d3acf013b9545410dbe49d6d4c358049068b3db7a27a3a2865d17ee33bfe28239a5c3f
SSDEEP

12288:KAY+B5VzjDhb3WQ8PW+VupG8v+mG2LL5W9slgad:3Y+BHxbh+V/mGsL5eQn

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  77bc9e1c6ed525c2a517635600855407e05a44d1410ef4a26140192a28e476ce
- Size
  
  858KB
- MD5
  
  5e1aa7db6c4525d63939bd5731e4f335
- SHA1
  
  a02b9a3ba506f11e40cbc481b13a9adfcd385bae
- SHA256
  
  77bc9e1c6ed525c2a517635600855407e05a44d1410ef4a26140192a28e476ce
- SHA512
  
  bfbf9b236b80c0e19b3492c40566093d08d4106c03f571748d7fc19287db3d1cd336d5c1cd2f292499bb4af0b5434d121906cfaf7a189cc98813fee3b9afa327
- SSDEEP
  
  6144:s1W1nA/DpvTpJMDqoskW9hzudastfAOvCjYxfdlGLJDPwBKxs0gyIBqnXbV8MUcN:s1Wl8TpJMxskWv6tf4wBKxs0YqLV6c8Q
Score

10^/10

xloader rqe8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2