xloader

General

Target

Confirm received PO 4500640396.lzh
Size

670KB
Sample

210816-vs41p2rmdn
MD5

12bb2a983fc09ed07579c60d0e396551
SHA1

f90c37191d8a31aacc69c4ae3aec0328d53673ac
SHA256

75de6a436c06db361958df9e1cd39e7e72e44a8e202058c5dc93233a5b135e6f
SHA512

d0febdd220c2c4cb32716a51fdbdf6ad7624f9557ec3775ce237dc6d7b5862e55ccd86cd4002a8d711038b0187402ad480d89a9f090b6c6a55037ce33ddb04ad

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

C2

http://www.desarrollosolucionesnavarro.com/ipa8/

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  Confirm received PO 4500640396.exe
- Size
  
  1.1MB
- MD5
  
  6bca65813eeda79ba5ff4674fd4f831b
- SHA1
  
  b2eb4ec39716a2ee523372ad443df85f54ba1fc6
- SHA256
  
  2c365b6985fd96e0f9596e0e17370ef537d786473e490dfb144ade8fedc5f2ce
- SHA512
  
  026ddb7df5bd8d2c1033372990b9b7faaf3982084ea72528111c22cb149bcc49b141b7031a21df26db152edd55c75fe574d1f9db2bab3cb50f1c3aded2d4df01
Score

10^/10

xloader ipa8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2