xloader

General

Target

PAYMENT COPY.zip
Size

423KB
Sample

210921-pc9kgsheb4
MD5

55f68bfdc364bd253a49c5d842081a93
SHA1

82a6b7c7bf6658bf9927f89e48998ab0a3d6446c
SHA256

abea3ca31851350eec8a590d60531a56316bad6e366ea78c155fc04d5dca581d
SHA512

f662609a89a592d1d327df609c2ec5a913f597b4d72456f79e7329ff43aa0aed9442b21b3b613c00c7446694c33c4bf8fe560c5ceed3b453f87bab3cc6a9e550

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  PAYMENT COPY.exe
- Size
  
  872KB
- MD5
  
  a3279da350cf134f736629e5e55c0a41
- SHA1
  
  d28cc3a2cc3e16cf38634cab8db41aacebf4709b
- SHA256
  
  fc9f8f3e66f8ea09953b7b5eba261ff36eb9a78a5f92787eb879420ee3bad581
- SHA512
  
  248040d33716b6f7fb5c0764380c67489d2acdc52784b2d8020faa57f09edc383ab7ecd85c297ef2516698e2cfa92e7d8edc8fc0c510263e5a2b91e1f650d79b
Score

10^/10

xloader c2ue loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2