xloader

General

Target

5209694541086720.zip
Size

431KB
Sample

210726-1r7q2j277n
MD5

85a3eb2c8bceb71e26a06f10f535a3d6
SHA1

44898f6f2902e692c33b435b4937834111cff406
SHA256

b1556816a1b2f1adfa7bfb10794d9e757d34f920b415aa0152c5ab70158a270c
SHA512

9a9090cfd3b8dd91789cf3b25062b99bfa53e983fc5eb1a6a389f23e741390b9f8729ee595c361a04bacfaa6c2e287f03f0c390b8543af02d82b795c64d18ab9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.jantesetaccessoires.com/p6f2/

Decoy

redsnews.com

vr859.com

postmasterstudios.com

hampsteadorganizer.com

hangshop.net

maheshwaramlawcollege.com

5156087.com

gtaaddict.com

faj.xyz

drivechicagoillinois.com

neerutech.com

b2brahmas.com

freshlookks.com

propertyparallel.tech

tlwbyads.com

sellektorkids.com

dexs.fyi

kileybrock.com

nervstudio.com

tosg-ltd.com

Targets

- Target
  
  lono.exe
- Size
  
  960KB
- MD5
  
  3dd87d18a1e0e5d97de8b77458d18f74
- SHA1
  
  ab1538aa18a14156ac7e20bba7329bac26216745
- SHA256
  
  d050c9c41083b76f378f09e9c5394cfef4a18d7de11a87720b2e5e3cf704330b
- SHA512
  
  d0dd1b6e6acded09d8783389a5fab9e503cd37ac4759fd3b1f714ff1d103ee858d43dc558503545b6e5a2545383ba47ed91b44953207107b616a79ae30d2fcd2
Score

10^/10

xloader loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2