General

  • Target

    Enquiry Reference Number 0025559278.exe

  • Size

    744KB

  • Sample

    211108-yc764adac9

  • MD5

    cd9435966d20de265bc5f6f40daff4a3

  • SHA1

    76cb2ab21a6009275ba3dcbe256a15a211833f35

  • SHA256

    45790f1cc3cb37ecfe541981ddf9d25684d92576cceb6bdb809f345014de84f0

  • SHA512

    95b3749be5950d52c3124df37971a0d03f3c7dd10168df13d9d2a2e523f6c435e51866207d9263f12164d86ab9e310ad098175ef59b9f1d83c678197cb44d528

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u0n0

C2

http://www.52xjg3.xyz/u0n0/

Decoy

learnwithvr.net

minismi2.com

slimfitbottle.com

gzartisan.com

fullfamilyclub.com

adaptationstudios.com

domynt.com

aboydnfuid.com

dirtroaddesigns.net

timhortons-ca.xyz

gladiator-111.com

breakingza.com

njjbds.com

keithrgordon.com

litestore365.host

unichromegame.com

wundversorgung-tirol.com

wholistic-choice.com

shingletownrrn.com

kapikenya.com
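As an added example (not part of this sandbox report), the Python below turns the extracted configuration into network indicators and runs them over a few constructed proxy log lines. Xloader's config lists the real C2 URL alongside a set of decoy domains, and Formbook-lineage samples beacon to the decoys as well as to the real C2, so a request to a decoy host is graded weaker than a request to the C2 host carrying the campaign path. The report's own values are copied verbatim; the proxy log format, the client addresses and every log line are constructed for the example and are not taken from this page.

```python
import re
from urllib.parse import urlsplit

# Extracted configuration as reported on this page (values copied verbatim).
REPORT_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "u0n0",
    "c2": "http://www.52xjg3.xyz/u0n0/",
    "decoys": [
        "learnwithvr.net", "minismi2.com", "slimfitbottle.com", "gzartisan.com",
        "fullfamilyclub.com", "adaptationstudios.com", "domynt.com", "aboydnfuid.com",
        "dirtroaddesigns.net", "timhortons-ca.xyz", "gladiator-111.com", "breakingza.com",
        "njjbds.com", "keithrgordon.com", "litestore365.host", "unichromegame.com",
        "wundversorgung-tirol.com", "wholistic-choice.com", "shingletownrrn.com", "kapikenya.com",
    ],
}

# Constructed proxy log lines (not from the report): "epoch client method url status".
SAMPLE_LOG_LINES = [
    "1636358401.123 10.0.0.23 POST http://www.52xjg3.xyz/u0n0/ 200",
    "1636358402.456 10.0.0.23 GET http://www.learnwithvr.net/u0n0/ 404",
    "1636358403.789 10.0.0.45 GET http://www.example.com/index.html 200",
    "1636358404.012 10.0.0.23 GET http://52xjg3.xyz/other/ 200",
    "this line is malformed and must be skipped",
]

LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def normalize_host(host):
    """Lower-case a hostname and drop a leading 'www.' so both forms match."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_iocs(config):
    """Derive network indicators from the extracted config.

    The real C2 is the configured URL (host + campaign path); the decoys
    are only known as hostnames, so they are matched on host alone.
    """
    parts = urlsplit(config["c2"])
    campaign_path = "/" + config["campaign"].strip("/") + "/"
    return {
        "c2_host": normalize_host(parts.hostname),
        "c2_path": parts.path or campaign_path,
        "campaign_path": campaign_path,  # should equal c2_path for a consistent config
        "decoy_hosts": {normalize_host(d) for d in config["decoys"]},
    }


def classify_request(iocs, host, path):
    """Return the strength of a match for one request, or None.

    'c2'      host and campaign path both match the configured C2 URL
    'c2-host' host matches the C2 but the path does not (weaker)
    'decoy'   host is one of the decoys; the sample also beacons to
              decoys, so this alone does not confirm which host is the C2
    """
    host = normalize_host(host)
    if host == iocs["c2_host"]:
        return "c2" if path.startswith(iocs["c2_path"]) else "c2-host"
    if host in iocs["decoy_hosts"]:
        return "decoy"
    return None


def scan_proxy_log(iocs, lines):
    """Run classify_request over proxy log lines; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m["url"])
        if not url.hostname:
            continue
        verdict = classify_request(iocs, url.hostname, url.path or "/")
        if verdict:
            hits.append({"client": m["client"], "url": m["url"], "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(build_iocs(REPORT_CONFIG), SAMPLE_LOG_LINES):
        print(f"{hit['verdict']:8} {hit['client']:12} {hit['url']}")
```

Run against the constructed lines, the scan flags the `/u0n0/` POST as a C2 hit, the decoy request as a weak indicator, and the off-path request to the C2 host as a host-only match; the unrelated domain and the malformed line produce nothing. In a real deployment the same classifier would be fed from the proxy's actual log format, and the decoy list would be used to widen a hunt rather than as a standalone block list.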

Targets

    • Target

      Enquiry Reference Number 0025559278.exe

    • Size

      744KB

    • MD5

      cd9435966d20de265bc5f6f40daff4a3

    • SHA1

      76cb2ab21a6009275ba3dcbe256a15a211833f35

    • SHA256

      45790f1cc3cb37ecfe541981ddf9d25684d92576cceb6bdb809f345014de84f0

    • SHA512

      95b3749be5950d52c3124df37971a0d03f3c7dd10168df13d9d2a2e523f6c435e51866207d9263f12164d86ab9e310ad098175ef59b9f1d83c678197cb44d528

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer; the extracted configuration above (campaign identifier, C2 URL, decoy domain list) follows the Formbook layout.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext (typically the thread-hijacking step of process injection or hollowing: a suspended process is written to and its thread context redirected before it is resumed)