xloader

General

Target

eacd844a2163f4b5f170c68905b06dea72cf4b1bb49e7c76beb132544b6bc167
Size

384KB
Sample

210727-fmk27x4yv2
MD5

f41db6b090cd855b2274b91c2168ef92
SHA1

0095ecd87e51db3ef9674dfb18e967f00b733dd0
SHA256

eacd844a2163f4b5f170c68905b06dea72cf4b1bb49e7c76beb132544b6bc167
SHA512

4c509e36989b42d28100001cbbaf79efecee76727546cf51396104588937273b1d58b491e85603ace835102c26aeb8a52c9f6c4214ca3eb78a584964e56454e6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.panyu-qqbaby.com/weni/

Decoy

sdmdwang.com

konversationswithkoshie.net

carap.club

eagldeream.com

856380585.xyz

elgallocoffee.com

magetu.info

lovertons.com

theichallenge.com

advancedautorepairsonline.com

wingsstyling.info

tapdaugusta.com

wiloasbanhsgtarewdasc.solutions

donjrisdumb.com

experienceddoctor.com

cloverhillconsultants.com

underwear.show

karensgonewild2020.com

arodsr.com

thefucktardmanual.com

Targets

- Target
  
  XQFreZzaubEvXYg.exe
- Size
  
  465KB
- MD5
  
  ddafa2b44ec908b114a4c33431e0952a
- SHA1
  
  e85c3f28cd859c6b5ab900c6a0c07a8fcfde8173
- SHA256
  
  4ca6a48021d7d442d9311b158691b1f219576d7d37a99f64741463659903ad4c
- SHA512
  
  4a3e227d44ad1cd9d6402e3bbde1ecc51196a7d8325f808bd6ba05059a6f596edf82f0ce2b359daa61267f6fcd08dc994549a6b06aec0cda1480ec14ab3efd87
Score

10^/10

xloader loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2