xloader

General

Target

JaffaCakes118_d4c15f27fc4c4f69dc55491818d8249e8605c2b308615832f054012279d9f0cf
Size

592KB
Sample

241230-3lznjatqdk
MD5

07237613c03c9f59830101cb1d09424a
SHA1

718af653cbc259c572e937fbd9aeee7d21d1fe30
SHA256

d4c15f27fc4c4f69dc55491818d8249e8605c2b308615832f054012279d9f0cf
SHA512

26d370740501113f784a5c99cc62310f85c9be3bfea77bb99dc5966237011e740f8b5a2984925a201068064ea62062ad2dc4cae18ddfe8c67fa270fd2bb102f4
SSDEEP

12288:DXpxPI+ydjXAhcV8FwAnBAYz0NuRdVeN5mZqC5Z6mr3:/P0dzAhcV8my2Yz0QVWYZ2mr3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rqe8

Decoy

bjft.net

abrosnm3.com

badlistens.com

signal-japan.com

schaka.com

kingdompersonalbranding.com

sewmenship.com

lzproperty.com

mojoimpacthosting.com

carinsurancecoverage.care

corporatemercadona.com

mobileswash.com

forevercelebration2026.com

co-het.com

bellesherlou.com

commentsoldgolf.com

onlytwod.group

utesco.info

martstrip.com

onszdgu.icu

Targets

- Target
  
  Craig_Group_Quotation,pdf.exe
- Size
  
  1.1MB
- MD5
  
  a885699fd3e6da80b574541565df717e
- SHA1
  
  fa98d786dd5ec70400573dde7301ac6c6eb8e720
- SHA256
  
  7541f828539e1c7ddccbb3c581886958b16c8016675ac2fb2dd9998bd1dc1161
- SHA512
  
  9711111833a07fe9f4366b928ce3c1cd9d7eee270129972a0260864432214c931c7356bcb0d874701407f812b0a64e0254f4a74d96ac4900e3f971156989b83d
- SSDEEP
  
  24576:QTOxcq/gHU5/d3dK64J5IHuH4oJiA+wneFl4MxgalS:QTOxpK64JyOYoEX4MOX
Score

10^/10

xloader rqe8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

CustAttr .NET packer

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2