xloader

General

Target

USD980950_Swift.exe
Size

1.3MB
Sample

210726-jyspewdw8e
MD5

0e2f9d545ac87b4e9762ca50e2bf15ab
SHA1

f4678bb9036c097dfe4bff4794de64eb39c369c4
SHA256

fabf4628b3813230d81f4c1a4991a0fe21550362177dd7b451e80c6a839b6814
SHA512

86cca0ab67312068c408aee261b372c933b71dc85d51df9e11e9eb5c398e1b0353d0f897e6ba8f72048783485421075805c25c64e767d49d00f26f99ad79c07c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.bodymoisturizer.online/q4kr/

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  USD980950_Swift.exe
- Size
  
  1.3MB
- MD5
  
  0e2f9d545ac87b4e9762ca50e2bf15ab
- SHA1
  
  f4678bb9036c097dfe4bff4794de64eb39c369c4
- SHA256
  
  fabf4628b3813230d81f4c1a4991a0fe21550362177dd7b451e80c6a839b6814
- SHA512
  
  86cca0ab67312068c408aee261b372c933b71dc85d51df9e11e9eb5c398e1b0353d0f897e6ba8f72048783485421075805c25c64e767d49d00f26f99ad79c07c
Score

10^/10

xloader loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

CustAttr .NET packer

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2