xloader

General

Target

DHL Shipment Notification 5833863965.rar
Size

215KB
Sample

210806-1j1pxbfs9j
MD5

0070ab2175d6b10fa9646bf4dae58c3b
SHA1

03126a82c9f316024abe253c5ebccc738e8a324c
SHA256

5b24d3c0994a388e362e7eac990c326b89741bd06566f2e73abf3fe6172cc8c8
SHA512

339139e8792ae0277a0f43924b798b3a137e3e0bd9b9029c465098a359b969248de916326591fcc3a43424e0ebd4f3afe9c51a6c4970b47a0bd45fd296410b01

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p596

C2

http://www.lapashawhite.com/p596/

Decoy

ushistorical.com

lovepropertylondon.com

acupress-the-point.com

3772548.com

ambientabuse.com

primaveracm.com

themidwestmomblog.com

havasavunma.com

rockyroadbrand.com

zzphys.com

masque-inclusif.com

myeonyeokplus.com

linkernet.pro

zezirma.com

mysiniar.com

andreamall.com

mattesonauto.com

wandopowerinc.com

casaurgence.com

salishseaquilts.com

Targets

- Target
  
  lemoh.exe
- Size
  
  231KB
- MD5
  
  5f26cd5aed834a68b5557e269283d6f0
- SHA1
  
  5d9eba311343c68a77c9c2a50d65199d7cd7f8a8
- SHA256
  
  2f313740b13df5c33ef5d7ef6631674ef37428a4a776bbb312fd324b05b5dadd
- SHA512
  
  b0c15610d8907c424037f86a0a78d58ed6f5592c95b737666e8d543bc8ed6d45dacddd2dd60d7dce3020b3fa376aa25400312bf0aa0cf5668c37abd8511c8827
Score

10^/10

xloader p596 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2