xloader

General

Target

JaffaCakes118_a82d2724609a36d83025e068e0ecaf24
Size

588KB
Sample

250108-yblayasqbj
MD5

a82d2724609a36d83025e068e0ecaf24
SHA1

4d64322b4b3d2c377dd876f23e019dcb3fb845fd
SHA256

a89f0179ec20c267d6117b57bf2930b2de55cb7c091ba84ebb05cf7feb306839
SHA512

6b94bee8cfb46b8c8eea5f5767f4bfaa0d0f6a198b41bcf06243c1c5be06f7a343c40c08b62ebbff7264e42bb78cd1a818703ee2eb7ac32a39a50bb8b66662e4
SSDEEP

12288:pr3bUzN/1YCKK+NZx2UO3bQPy7LFOhsReHH:o/KKiZxhwbQPy7JOyRen

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  JaffaCakes118_a82d2724609a36d83025e068e0ecaf24
- Size
  
  588KB
- MD5
  
  a82d2724609a36d83025e068e0ecaf24
- SHA1
  
  4d64322b4b3d2c377dd876f23e019dcb3fb845fd
- SHA256
  
  a89f0179ec20c267d6117b57bf2930b2de55cb7c091ba84ebb05cf7feb306839
- SHA512
  
  6b94bee8cfb46b8c8eea5f5767f4bfaa0d0f6a198b41bcf06243c1c5be06f7a343c40c08b62ebbff7264e42bb78cd1a818703ee2eb7ac32a39a50bb8b66662e4
- SSDEEP
  
  12288:pr3bUzN/1YCKK+NZx2UO3bQPy7LFOhsReHH:o/KKiZxhwbQPy7JOyRen
Score

10^/10

xloader fqiq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2