GLEASON_QT2309.exe

General
Target: GLEASON_QT2309.exe
Size: 642KB
Sample: 210924-nf5j9sggf6
Score: 10/10
MD5: d601604552146dd9a412f1db8ff0cdd4
SHA1: 8dc649c53d100c5d1f1330dc5ba33c680208d7f8
SHA256: 3121d773a680fbac7dc37f75c38ae8ef20f1b88915cc0b83ca9bf2bf7c22ee94
SHA512: ae739f1a3ec1b0890dfc46a2b5d88e8cf211ecbc462539a1878e25c33c081ada166d1ad09bf859dd8e83f246d73b7bc9cf5c9f75465be7b09b0566aae50ebc34

Malware Config

Extracted
Family: xloader
Version: 2.5
Campaign: g9vg
C2: http://www.supra413.com/g9vg/

Decoy
selenebrennan.com
htsfrance.com
monsieurtechno.com
argosy.city
lit-clouds.com
emilio-m.com
crashycraft.net
washmebro.com
1houroflife.com
millershaga.com
newtonpod.com
camopants.net
animator-show.com
qqzome.com
assetacre.com
letsmakeyourchoice.com
gileadpreferences.com
ecomarklifestyle.com
mivaautomotive.com
rattle100.com
askfortesting.com
majorelectricalwork.com
blockbotprofit.com
lanceseuexpert.online
zatventure.com
fitnessbykc.com
renatafaceandbodyskincare.com
opusmime.com
biyimeilou.com
soulhospitalitygroup.net
peaktradecapital.com
augmentedfact.com
petmall.website
rfmanutencoes.com
mgav40.xyz
konzertmanagement.com
thisisweenz.com
xn--42cg2czax6ptae6a.com
scienceworldapub.com
perfumeriavictory.com
ankarasinirsizescortlar.xyz
keenflat.com
fodfus.com
bright-tailor.com
spaciolb.com
pinkpolishseattle.com
homewebmailz.com
devple.com
cimehey9.xyz
tracks-clicks.com

Targets
Target: GLEASON_QT2309.exe
MD5: d601604552146dd9a412f1db8ff0cdd4
Filesize: 642KB
Score: 10/10
SHA1: 8dc649c53d100c5d1f1330dc5ba33c680208d7f8
SHA256: 3121d773a680fbac7dc37f75c38ae8ef20f1b88915cc0b83ca9bf2bf7c22ee94
SHA512: ae739f1a3ec1b0890dfc46a2b5d88e8cf211ecbc462539a1878e25c33c081ada166d1ad09bf859dd8e83f246d73b7bc9cf5c9f75465be7b09b0566aae50ebc34

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1: 10/10
behavioral2: 10/10