xloader

General

Target

JaffaCakes118_b3976225591d2e9deb13be0795244849
Size

378KB
Sample

250108-3w73nayndx
MD5

b3976225591d2e9deb13be0795244849
SHA1

e20462cc6735566609e86776cf7337e1c80046e5
SHA256

586401acc75a4f5399beb0d716ccb5ed0fe05e18aeeaa99fef61fd02d6d63389
SHA512

fc7af62818ae3792e26f515eed2f741924ad18439e9aba88618637a421cff970a52765d3794e200e564e0a0843c7ad4f752157146b2609a0b7be8a7acba1e363
SSDEEP

6144:ckkdR5XT4Uxk+hN9n3GDlEUyl6SHGYwBP5cK/sFW8E4KSJJ35zR+b:ckERpCCnOfylGxOK/schOzs

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p4qi

Decoy

muhaart.com

sherwoodrummages.com

asw2utha4l.com

circularsmartcity.com

moebellueckoff.com

bodeguitayolo.com

schotinderoos.com

brandianext.com

shanxichangyou.com

metaversecake.com

fiyatsepetim.com

14ideedumois.com

brillenglas-experte.com

evoprostaf.online

dewaynehotline.com

jadeshelf.com

odhlzujfgl.com

babyboybarozzini.com

inndev.digital

slywnk.com

Targets

- Target
  
  JaffaCakes118_b3976225591d2e9deb13be0795244849
- Size
  
  378KB
- MD5
  
  b3976225591d2e9deb13be0795244849
- SHA1
  
  e20462cc6735566609e86776cf7337e1c80046e5
- SHA256
  
  586401acc75a4f5399beb0d716ccb5ed0fe05e18aeeaa99fef61fd02d6d63389
- SHA512
  
  fc7af62818ae3792e26f515eed2f741924ad18439e9aba88618637a421cff970a52765d3794e200e564e0a0843c7ad4f752157146b2609a0b7be8a7acba1e363
- SSDEEP
  
  6144:ckkdR5XT4Uxk+hN9n3GDlEUyl6SHGYwBP5cK/sFW8E4KSJJ35zR+b:ckERpCCnOfylGxOK/schOzs
Score

10^/10

xloader p4qi discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2