xloader

General

Target

JaffaCakes118_a0992ed732b9ff9ede1ea7110b093d56
Size

430KB
Sample

250105-nf9tzsvlhn
MD5

a0992ed732b9ff9ede1ea7110b093d56
SHA1

9620fe7daaab3861287330e311c220954545b1ef
SHA256

121f61ebfff0c27ee2a9df12e2d27e1908c8b895b7c80083be925498216d4c47
SHA512

155f9cf2b1b2de1435a271e317497302779aaccd1ef1a836c1b61c231435f53f27f0ff4500fa84d40234ac97bef9d5a63cfc756a79dd0cb1f6226bf561e4da85
SSDEEP

12288:fUi2iNuLhSgbttjwyXUXdJqKj2TMO/Sd++UD:fUi1kSgnwyX2dJqK2iDUD

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  JaffaCakes118_a0992ed732b9ff9ede1ea7110b093d56
- Size
  
  430KB
- MD5
  
  a0992ed732b9ff9ede1ea7110b093d56
- SHA1
  
  9620fe7daaab3861287330e311c220954545b1ef
- SHA256
  
  121f61ebfff0c27ee2a9df12e2d27e1908c8b895b7c80083be925498216d4c47
- SHA512
  
  155f9cf2b1b2de1435a271e317497302779aaccd1ef1a836c1b61c231435f53f27f0ff4500fa84d40234ac97bef9d5a63cfc756a79dd0cb1f6226bf561e4da85
- SSDEEP
  
  12288:fUi2iNuLhSgbttjwyXUXdJqKj2TMO/Sd++UD:fUi1kSgnwyX2dJqK2iDUD
Score

10^/10

xloader fqiq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2