xloader

General

Target

Order Inquiry_List0811221Group_Pte Ltd.exe
Size

753KB
Sample

211118-j95pxafae9
MD5

7a472b26cb03fb90b7f7a98f0e3aaaac
SHA1

0dfd979849653398c60d791ee385f80a3648dc0b
SHA256

9bd94109c257b316e248e2486f3b84bf358cc5b9b259154e6b0544bcb04269d6
SHA512

84c1f8ed44c4bb3dd15d11a8ba1f3127e59e69d0f3edf5c36a711d252f6022079e5424dddb42e32cde19f7bb665ce853d19fd07e6029470857014aefd2e1444e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

- Target
  
  Order Inquiry_List0811221Group_Pte Ltd.exe
- Size
  
  753KB
- MD5
  
  7a472b26cb03fb90b7f7a98f0e3aaaac
- SHA1
  
  0dfd979849653398c60d791ee385f80a3648dc0b
- SHA256
  
  9bd94109c257b316e248e2486f3b84bf358cc5b9b259154e6b0544bcb04269d6
- SHA512
  
  84c1f8ed44c4bb3dd15d11a8ba1f3127e59e69d0f3edf5c36a711d252f6022079e5424dddb42e32cde19f7bb665ce853d19fd07e6029470857014aefd2e1444e
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2