xloader

General

Target

Order Inquiry_List0811221Group_Pte Ltd.7z
Size

463KB
Sample

211122-pbghbaadf2
MD5

1e1782f69578137219cf553be09ece10
SHA1

f6c36594d19fadea0e07cd60ef4d93cb598e4bf9
SHA256

86df7f07c86eb205377bcae28ddb8b08e68907d2ab297e45ee8a58ae0c555eaf
SHA512

07bdb65b328e9c9627c9470a70cd9933206c3c9e3e0263f75ca6d672b83446aee3ac8f39d6ec7b43f0c36f099c7d348056604d619c3dd3a4be34daa5541c4e91

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

- Target
  
  Order Inquiry_List0811221Group_Pte Ltd.exe
- Size
  
  753KB
- MD5
  
  7a472b26cb03fb90b7f7a98f0e3aaaac
- SHA1
  
  0dfd979849653398c60d791ee385f80a3648dc0b
- SHA256
  
  9bd94109c257b316e248e2486f3b84bf358cc5b9b259154e6b0544bcb04269d6
- SHA512
  
  84c1f8ed44c4bb3dd15d11a8ba1f3127e59e69d0f3edf5c36a711d252f6022079e5424dddb42e32cde19f7bb665ce853d19fd07e6029470857014aefd2e1444e
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2