xloader

General

Target

nWVjpM9ao5s78s3.exe
Size

875KB
Sample

210727-7r3c2q9hve
MD5

8fc8a4252b32c8eb4b9e03b018ff72a2
SHA1

14a7a0b55043b430cbcb0a94b26a4f33c3f7d3d2
SHA256

e59a1d022c6c4f0cc7d23689004e65ea7f1f940adef98cf891a008dd9d7f66d9
SHA512

00b3d70f9929d76dda8c0691b394393a299446056330bf634043e88935551a49d8708a2fc0baf8ef1f5f4e3cce107ae796e4fc99ac24420052ca304e3c3f59f2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.panyu-qqbaby.com/weni/

Decoy

sdmdwang.com

konversationswithkoshie.net

carap.club

eagldeream.com

856380585.xyz

elgallocoffee.com

magetu.info

lovertons.com

theichallenge.com

advancedautorepairsonline.com

wingsstyling.info

tapdaugusta.com

wiloasbanhsgtarewdasc.solutions

donjrisdumb.com

experienceddoctor.com

cloverhillconsultants.com

underwear.show

karensgonewild2020.com

arodsr.com

thefucktardmanual.com

Targets

- Target
  
  nWVjpM9ao5s78s3.exe
- Size
  
  875KB
- MD5
  
  8fc8a4252b32c8eb4b9e03b018ff72a2
- SHA1
  
  14a7a0b55043b430cbcb0a94b26a4f33c3f7d3d2
- SHA256
  
  e59a1d022c6c4f0cc7d23689004e65ea7f1f940adef98cf891a008dd9d7f66d9
- SHA512
  
  00b3d70f9929d76dda8c0691b394393a299446056330bf634043e88935551a49d8708a2fc0baf8ef1f5f4e3cce107ae796e4fc99ac24420052ca304e3c3f59f2
Score

10^/10

xloader loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2