xloader

General

Target

Sales Order.rar
Size

454KB
Sample

210727-x5e1rls1d2
MD5

178234763bc642636b72225d29674ee2
SHA1

3915c10569856955c0c6a785d834e1f649afa5dd
SHA256

2a4103bdbd7ede598db2ed222c11aa5680fed10ae2a4b88930c2c6c03d48a8a0
SHA512

2f7fe7f27b33c8e5f3fd51aca539752b10daddfdae1958d197f7846de5cb1a83c17724482650a35dc79fd62c3ef2a2538d401cd5b9d469491e74257cc7524248

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.jantesetaccessoires.com/p6f2/

Decoy

redsnews.com

vr859.com

postmasterstudios.com

hampsteadorganizer.com

hangshop.net

maheshwaramlawcollege.com

5156087.com

gtaaddict.com

faj.xyz

drivechicagoillinois.com

neerutech.com

b2brahmas.com

freshlookks.com

propertyparallel.tech

tlwbyads.com

sellektorkids.com

dexs.fyi

kileybrock.com

nervstudio.com

tosg-ltd.com

Targets

- Target
  
  Sales Order.exe
- Size
  
  1014KB
- MD5
  
  fd84eb337a51966294ba08722170bf46
- SHA1
  
  1f529d60e2dc50deaac59af322708039da33c3be
- SHA256
  
  8da806444010084307c77bf3a69f66ca36c15920bd7b9f60fdcf35fccd460701
- SHA512
  
  a522ba8c6daddbf69f711ef859c7e8fb79e2ab00372e6626af9119d82ef8cf22b0e2ebcc1897cd88810be5ee01b11e0950dbf0853ceb630de3e916ac3bacd847
Score

10^/10

xloader loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2