xloader

General

Target

aT8aer3ybNvYpl3.exe
Size

803KB
Sample

210920-ytpfbafce5
MD5

1eaf8232051d48b6207937c971965e2d
SHA1

0e1edb9297f0b7db297be69d4aee0c3a38eb7b84
SHA256

0693c816986f73899e351e1989103e680c336f401cca1d14f5bce3b5865cfee6
SHA512

c4d32524b6448e26a4aaa6224e6e55adbd040d2b1389cf5702386e7bf8a965232f8aa2b73d43b3da5424487e008fda05f003e280a233d6b1785374f7cc987d75

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gjeh

C2

http://www.getaudionow.com/gjeh/

Decoy

carmator.com

bsbqrp.com

siemens-mp.com

dunnfloorcoverings.com

cpassminimedicalschools.info

howtodesignyourhomeoffice.com

famliytaste.com

freesocialmarketing.com

jejuhaenyeo.net

tradebot.icu

arzug.com

carrefour-solucoes.online

ladyom.com

aoironote.com

newmexicocarwreckattorney.com

wealthpatternsllc.net

thinkpinkalicous.com

prajapati.company

bjhwky.com

jsdigitalekuns.com

Targets

- Target
  
  aT8aer3ybNvYpl3.exe
- Size
  
  803KB
- MD5
  
  1eaf8232051d48b6207937c971965e2d
- SHA1
  
  0e1edb9297f0b7db297be69d4aee0c3a38eb7b84
- SHA256
  
  0693c816986f73899e351e1989103e680c336f401cca1d14f5bce3b5865cfee6
- SHA512
  
  c4d32524b6448e26a4aaa6224e6e55adbd040d2b1389cf5702386e7bf8a965232f8aa2b73d43b3da5424487e008fda05f003e280a233d6b1785374f7cc987d75
Score

10^/10

xloader gjeh loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2