xloader

General

Target

c5b445d902e6f466518a68b4629d84d4_JaffaCakes118
Size

376KB
Sample

241205-d5gvdsspgm
MD5

c5b445d902e6f466518a68b4629d84d4
SHA1

5aa25fde4e748078a1fe52fdcc923465591572b8
SHA256

aa9574014df2ac3fe4c9f8e32c45197542377ea99805665bcb0b4258df36adda
SHA512

1eb48df45dadfcdacfb0272ab4ed3f858e9aa9e1c658da5879b6eb321364c12c091909cb3eb09338e75aa98c16150c015aff42f3eca04a296f5aeda19edb9994
SSDEEP

6144:7+GEpIph2K6LOw+9VhypJzkqCeXLjaAWBplGbEDcM+VR:5EpHKm+JeNna3GbEF+n

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  c5b445d902e6f466518a68b4629d84d4_JaffaCakes118
- Size
  
  376KB
- MD5
  
  c5b445d902e6f466518a68b4629d84d4
- SHA1
  
  5aa25fde4e748078a1fe52fdcc923465591572b8
- SHA256
  
  aa9574014df2ac3fe4c9f8e32c45197542377ea99805665bcb0b4258df36adda
- SHA512
  
  1eb48df45dadfcdacfb0272ab4ed3f858e9aa9e1c658da5879b6eb321364c12c091909cb3eb09338e75aa98c16150c015aff42f3eca04a296f5aeda19edb9994
- SSDEEP
  
  6144:7+GEpIph2K6LOw+9VhypJzkqCeXLjaAWBplGbEDcM+VR:5EpHKm+JeNna3GbEF+n
Score

10^/10

xloader rqe8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2