xloader

General

Target

SecuriteInfo.com.MSIL.Packed.19.415.32450
Size

1.3MB
Sample

211209-nl6drabgd5
MD5

dadc5815d7e86bdefe66ee99decf7f1f
SHA1

98656e68a7f0f420e6cc76fbfdb4764f63f19298
SHA256

359dcc936ef46d8becf12ae075b1a31ffb812bfcee64b45d5bc01b2e8d7c4cec
SHA512

6080301c3b86959d5d6aa53d2973730bb883e25094580bfd971d1e3e08fd9d43e26ad72ebd000a8ce001490276cc8503a1b0c699e730c2497751661d83ff6ad2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

- Target
  
  SecuriteInfo.com.MSIL.Packed.19.415.32450
- Size
  
  1.3MB
- MD5
  
  dadc5815d7e86bdefe66ee99decf7f1f
- SHA1
  
  98656e68a7f0f420e6cc76fbfdb4764f63f19298
- SHA256
  
  359dcc936ef46d8becf12ae075b1a31ffb812bfcee64b45d5bc01b2e8d7c4cec
- SHA512
  
  6080301c3b86959d5d6aa53d2973730bb883e25094580bfd971d1e3e08fd9d43e26ad72ebd000a8ce001490276cc8503a1b0c699e730c2497751661d83ff6ad2
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2