xloader

General

Target

Purchase Order no.202201EYL-01.rar
Size

390KB
Sample

211122-hwh4bafaam
MD5

82998f74b5a93b9f364fc01f970b5c54
SHA1

770a21d1ee36e12cc90fe3edc3d0f76c945153d6
SHA256

81e489912b0915e017e59bb47877b98c3a6c17b05eb1f1a3229e8ca7e087ddf3
SHA512

fbb666565c431c0e7c3f4237373a85780b0f88cf18f2a9cbf645db610c9a977589cb1db2323567bd8e1f668c66f42581f69eae3caa7e154f7045409662fa26e8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

- Target
  
  Purchase Order no.202201EYL-01.exe
- Size
  
  571KB
- MD5
  
  15ed74b1ca855d35a336689cbf2936df
- SHA1
  
  15319e8da91e64ff1a01d89f28c3b91bec92ab0a
- SHA256
  
  652385ecfc8acbe450ec14e301e3f4067cd1e2da0d5675c589c393949febc58a
- SHA512
  
  9cec1310f7958b11f8f4cc7c3c9708312210859884a8a41fdb7c51f3cb93c28a905c3749f6bc99412f685125bff39c6bbfbe4b1f557aec6055b27d9156515668
Score

10^/10

xloader 46uq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2