xloader

General

Target

JaffaCakes118_d118b4c9ab86717e36c9f2fc6bf7be56
Size

616KB
Sample

250109-yslb9szjcy
MD5

d118b4c9ab86717e36c9f2fc6bf7be56
SHA1

bd4f36443ef11158caf0bd2c6c932fdc1d6903dc
SHA256

37a101ec34e0a952b841554cd7e9f78091166c8e6c5f352da65fbabdaf7ec146
SHA512

f6b87599e4b8681202d7c6f1e0d7e6a061fcb958e380108afed70f8c1a78809d984b2dc2ed9e8bed079c32c084b409cf26c70c75268901080a5e0ff1259fa7a6
SSDEEP

12288:7ypMe9AlMc2737t1dqsBl+7V7kPH/kpJQ59D6uuPbJ0TbCNjg:7xB2737tzqs67bQ5J6uuPbJ8Cjg

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hqvn

Decoy

foodhub-pay-link.com

signalplusnigeria.com

unprocreated.info

fondidal1936.com

opendialogmonaco.com

labessentials.xyz

scientechic.com

lakesidepointeatlakenorman.com

teklis.biz

jibberes.info

dellere.com

camaras.store

car2govancouver.com

maximizer.icu

morningafterskin.com

kode-buy.com

stogecoin.com

grv.digital

weihao-autoparts.com

jhaww.com

Targets

- Target
  
  JaffaCakes118_d118b4c9ab86717e36c9f2fc6bf7be56
- Size
  
  616KB
- MD5
  
  d118b4c9ab86717e36c9f2fc6bf7be56
- SHA1
  
  bd4f36443ef11158caf0bd2c6c932fdc1d6903dc
- SHA256
  
  37a101ec34e0a952b841554cd7e9f78091166c8e6c5f352da65fbabdaf7ec146
- SHA512
  
  f6b87599e4b8681202d7c6f1e0d7e6a061fcb958e380108afed70f8c1a78809d984b2dc2ed9e8bed079c32c084b409cf26c70c75268901080a5e0ff1259fa7a6
- SSDEEP
  
  12288:7ypMe9AlMc2737t1dqsBl+7V7kPH/kpJQ59D6uuPbJ0TbCNjg:7xB2737tzqs67bQ5J6uuPbJ8Cjg
Score

10^/10

xloader hqvn discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader family

Xloader payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2