xloader

General

Target

SecuriteInfo.com.PWS-FCUF6AD9A14C81A8.71.28150
Size

1.2MB
Sample

211206-e5zkwagbc7
MD5

6ad9a14c81a84739baa84d77ef4bd883
SHA1

d48ce5ee5fe8884bd15db0c7ab89835a4bf4bb42
SHA256

43b124c327a2be5af3e68915876795689ed778cfa0d5421d98963e4c51de193a
SHA512

cc08f66dd61474d6ba6ee97fdeb6ea42e7548569058bde8a63df407fbda04d5e062e8c552eebff888ec0a212f795ed423a7db64e5736d2d46cb33a8b063f279c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

- Target
  
  SecuriteInfo.com.PWS-FCUF6AD9A14C81A8.71.28150
- Size
  
  1.2MB
- MD5
  
  6ad9a14c81a84739baa84d77ef4bd883
- SHA1
  
  d48ce5ee5fe8884bd15db0c7ab89835a4bf4bb42
- SHA256
  
  43b124c327a2be5af3e68915876795689ed778cfa0d5421d98963e4c51de193a
- SHA512
  
  cc08f66dd61474d6ba6ee97fdeb6ea42e7548569058bde8a63df407fbda04d5e062e8c552eebff888ec0a212f795ed423a7db64e5736d2d46cb33a8b063f279c
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2