xloader

General

Target

PRODUCT-LIST VACUUM BREAKER VALVE.exe
Size

1.2MB
Sample

211213-neacqsdeb6
MD5

6bf6716cac6d17349b421a39a264fd31
SHA1

9a3d2c0c3a2f903417c3a541a5b8a6e0faab7b59
SHA256

54f23ae0cb97a0c71ea4c016cda34864398ff3d5939197eeada160d89f230ea5
SHA512

233c81d37e534b3f5a58e20ac5396aca1a35e83b48faadbfa7556ee337b4393f70bc0f462679b5a0401f2c1f3326752edc60df4143375242b9bc162224d0a72b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.jixelbbk.com/46uq/

Decoy

spiritueleonlinetraining.online

jrpz86.com

dataxmart.com

zeogg.club

killiandooley.com

159studios.com

clginter.com

greenwirechicago.com

kennycheng.tech

carolyngracecoaching.com

cp-altodelamuela.com

amazonflowerjewelry.com

anseron.net

surplusqlxbjy.online

asasal.com

online-buy-now.com

kolab.today

statisticsacademy.com

dcupqiu.club

braxtynmi.xyz

Targets

- Target
  
  PRODUCT-LIST VACUUM BREAKER VALVE.exe
- Size
  
  1.2MB
- MD5
  
  6bf6716cac6d17349b421a39a264fd31
- SHA1
  
  9a3d2c0c3a2f903417c3a541a5b8a6e0faab7b59
- SHA256
  
  54f23ae0cb97a0c71ea4c016cda34864398ff3d5939197eeada160d89f230ea5
- SHA512
  
  233c81d37e534b3f5a58e20ac5396aca1a35e83b48faadbfa7556ee337b4393f70bc0f462679b5a0401f2c1f3326752edc60df4143375242b9bc162224d0a72b
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2