xloader

General

Target

REQUEST FOR QUOTATION.exe
Size

90KB
Sample

210727-pgnxbtpr3s
MD5

189b59d65940724d3febd8763d929c27
SHA1

e2981f344bb3f8ce214a609932bbc1525ffe6609
SHA256

ccaefd526c1b30f67694ea01efb7bd5c794859ae01c68001a3d92e3d1dced67f
SHA512

a46fe00332a847ead550c7d7a35980a6ccf1432a5d00035941dd2407a9b00660fc36ee149166fd7d69ef873321935f8c9b3be144bd0926921cefc535b4b1616e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.lovecarder.com/enmm/

Decoy

westcorinnewater.com

secretosdebolsa.com

carolineeyguthrie.com

fuzion.events

reatour.com

alertfirerescue.com

gd-dw.com

christian-glass.com

herbandflour.com

ttingjab.com

xn--gmq18di80c2lb.com

usabilitykitchen.com

liverpoolbeautyco.com

yyb.one

egeemlak.net

news-crunch.com

johneflix.com

lionlegalsolutions.com

doikatsuman.net

cyberlegalofficer.com

Targets

- Target
  
  REQUEST FOR QUOTATION.exe
- Size
  
  90KB
- MD5
  
  189b59d65940724d3febd8763d929c27
- SHA1
  
  e2981f344bb3f8ce214a609932bbc1525ffe6609
- SHA256
  
  ccaefd526c1b30f67694ea01efb7bd5c794859ae01c68001a3d92e3d1dced67f
- SHA512
  
  a46fe00332a847ead550c7d7a35980a6ccf1432a5d00035941dd2407a9b00660fc36ee149166fd7d69ef873321935f8c9b3be144bd0926921cefc535b4b1616e
Score

10^/10

suricata xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE DTLoader Binary Request M2
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE DTLoader Binary Request M2

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2