xloader

General

Target

Incorrect_Payment Details MT144_SWIFT.7Z
Size

469KB
Sample

211123-lss1wshgal
MD5

d7d4505c9c46ee384311a28cfeb283fa
SHA1

4a3a22f7e8aedf1d1e2e36dbfa02edf5968eb866
SHA256

9a4b85572967ee5f751ace61f95ff6b9668700cc888900173a71f44b796c4160
SHA512

7134ef12f5b95ac4a30b5047ddba219404138a50ed0c0e98ce7642aa8089e6aa75c2e1e745a51593c93128aeb45ee0fa5bf6399443be4e7be518e7621495ae24

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

- Target
  
  Incorrect_Payment Details MT144_SWIFT.exe
- Size
  
  697KB
- MD5
  
  43b84b4cee50af49202838edc9c78b19
- SHA1
  
  93f2d1a80d8e9efd0fe77264d502636277af1b2a
- SHA256
  
  503fc3a0db4f69416153b122ee36cc8bcf16738b1bc192f6d20462b28bb640f7
- SHA512
  
  6024d9aebd13d05301112bad45b9656898aed9a02cef4f212a37f1428ce94c7e24c907e3ce12a7d79cdd8eb0a3ff664568fb7299b39e9e0ccf2b95efcb115ded
Score

10^/10

xloader 46uq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2