xloader

General

Target

Inquiry-URGENT.exe
Size

433KB
Sample

210927-thdgfshde6
MD5

001127ea6a36d3b93e8c54ff1b8f22b8
SHA1

acd9171ec5641efc54a16c5c18184dd6e25138c8
SHA256

2728dc98fdebc00823b877eba49ace782c17db8a07074634aafca9dc00277776
SHA512

7a5687835380616daa433ce196fdb7badfcf74f0e1e4cb97c4064ac0eea1b633b0ed536ea409519d09a5f5c341861b1930242a3f8c706eb58f52defab8e2110f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b5ce

C2

http://www.rheilea.com/b5ce/

Decoy

advellerd.xyz

giasuvina.com

arab-xt-pro.com

ahsltu2ua4.com

trasportesemmanuel.com

kissimmeesoccercup.com

studyengland.com

m2volleyballclub.com

shyuehuan.com

elsml.com

blog-x-history.top

coditeu.com

allattachments.net

vigautruc.com

mentication.com

zambiaedu.xyz

filadelfiacenter.com

avlaborsourceinc.info

tameka-stewart.com

studio-cleo.com

Targets

- Target
  
  Inquiry-URGENT.exe
- Size
  
  433KB
- MD5
  
  001127ea6a36d3b93e8c54ff1b8f22b8
- SHA1
  
  acd9171ec5641efc54a16c5c18184dd6e25138c8
- SHA256
  
  2728dc98fdebc00823b877eba49ace782c17db8a07074634aafca9dc00277776
- SHA512
  
  7a5687835380616daa433ce196fdb7badfcf74f0e1e4cb97c4064ac0eea1b633b0ed536ea409519d09a5f5c341861b1930242a3f8c706eb58f52defab8e2110f
Score

10^/10

xloader b5ce loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2