xloader

General

Target

TT Transmitted Copy ETT1037468..exe
Size

878KB
Sample

210728-salcaxjjjs
MD5

1dc4a1aa19afef7c048a09bd00153ae9
SHA1

cfeac51f7427a964ece4c8faac0e028d31e4b7ea
SHA256

d064e13de302104e85c1fbc8b177bc3b17ecf1dc0063ff1865d825b219d9f11d
SHA512

fb6d0157dea7fb9b2c2a7fc0419d02ad6aaee1c681dd2d99c4fa3d1c46f7b33f78a3bbffa144ac7bcf6b2d12db84a6ab839d336d46e092e7ead94061d9a39408

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.desarrollosolucionesnavarro.com/ipa8/

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  TT Transmitted Copy ETT1037468..exe
- Size
  
  878KB
- MD5
  
  1dc4a1aa19afef7c048a09bd00153ae9
- SHA1
  
  cfeac51f7427a964ece4c8faac0e028d31e4b7ea
- SHA256
  
  d064e13de302104e85c1fbc8b177bc3b17ecf1dc0063ff1865d825b219d9f11d
- SHA512
  
  fb6d0157dea7fb9b2c2a7fc0419d02ad6aaee1c681dd2d99c4fa3d1c46f7b33f78a3bbffa144ac7bcf6b2d12db84a6ab839d336d46e092e7ead94061d9a39408
Score

10^/10

xloader loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2