xloader

General

Target

Payment Advice.zip
Size

450KB
Sample

210922-dv5tgabac4
MD5

5c6d618de3802135836f26015b0db1bf
SHA1

ad202db5ca7e69c259a01114c961e6edb0ef5f8b
SHA256

236140ea5c5aaaf8157b7e9609851c13dc3233fb291dc334d49d0a6c6ee43e82
SHA512

04d4b9e673e5e0f70fee67ea4fc0158efe4bf3dde81586004b972b711334afed0a1f3e1652d3edd0ae9de5237545dc84370ce1d7dcb29f553619111e3a17023c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  Payment Advice.exe
- Size
  
  992KB
- MD5
  
  4f25ed58038558b2e83f18896b245791
- SHA1
  
  80be9861fa9f10581fc77e0c4a1405dd5042365d
- SHA256
  
  03b8b680955c5827b5f80ace4afb923c2a5714cbe1b9ca579ab6f197b8826bc6
- SHA512
  
  8e586af0f9214b59075811bb15779ef7460e436c18c1995c70d3aafb3c6cb4d5def9671ae829df49d294588845f34e997b9b293366f289b3c7f782b55aa6dd63
Score

10^/10

xloader c2ue loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2