General

  • Target

    Purchase Order no.202201EYL-01.exe

  • Size

    571KB

  • Sample

    211118-r8rqnahcf8

  • MD5

    15ed74b1ca855d35a336689cbf2936df

  • SHA1

    15319e8da91e64ff1a01d89f28c3b91bec92ab0a

  • SHA256

    652385ecfc8acbe450ec14e301e3f4067cd1e2da0d5675c589c393949febc58a

  • SHA512

    9cec1310f7958b11f8f4cc7c3c9708312210859884a8a41fdb7c51f3cb93c28a905c3749f6bc99412f685125bff39c6bbfbe4b1f557aec6055b27d9156515668

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

    • Target

      Purchase Order no.202201EYL-01.exe

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
