xloader | cc4553246ad672baadc2e92ecebda07692e134ffc1a59a9712f0e040816cb465 | Triage

Sharing

General

Target

d1936278e94346fcf81b844608c0c63f_JaffaCakes118
Size

931KB
Sample

241207-kqpp1svmez
MD5

d1936278e94346fcf81b844608c0c63f
SHA1

b24a049a5b97269bdf1fa068065305a154884725
SHA256

cc4553246ad672baadc2e92ecebda07692e134ffc1a59a9712f0e040816cb465
SHA512

5093b240042c039b1ebc19d832e3aa49e7c1cb4d2b7cf381dacc360cfa078ffc382d6b77abb1cd1e8d6695611da8895c41f6fa0c8d77a133c7891ca51eb2a73a
SSDEEP

24576:eh5qHROgkvJ6SBrGI4OX0nw59ACtu8UqjKboM:LxvIkSBDXZ9ACI8U30M

Score

10^/10

xloader q4kr discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

q4kr

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  d1936278e94346fcf81b844608c0c63f_JaffaCakes118
- Size
  
  931KB
- MD5
  
  d1936278e94346fcf81b844608c0c63f
- SHA1
  
  b24a049a5b97269bdf1fa068065305a154884725
- SHA256
  
  cc4553246ad672baadc2e92ecebda07692e134ffc1a59a9712f0e040816cb465
- SHA512
  
  5093b240042c039b1ebc19d832e3aa49e7c1cb4d2b7cf381dacc360cfa078ffc382d6b77abb1cd1e8d6695611da8895c41f6fa0c8d77a133c7891ca51eb2a73a
- SSDEEP
  
  24576:eh5qHROgkvJ6SBrGI4OX0nw59ACtu8UqjKboM:LxvIkSBDXZ9ACI8U30M
Score

10^/10

xloader q4kr discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderq4krdiscoveryloaderrat

behavioral2

xloaderq4krdiscoveryloaderrat