xloader

General

Target

Invoice-309-Ref-284.exe
Size

947KB
Sample

210817-8e1pa6bax2
MD5

33d6b64658d6d65330aa45e745a07378
SHA1

4aac1e207c9bbcd0959901557ed3da64b950a091
SHA256

e6d6ba31c6a493196ef6147ee975e41970f069ce9abd2b114c115891be4d37e0
SHA512

4b062d9c1cfab5d98812b999d61d94648219e61b6aef17d073321ad8c4681ed84e1fd78d776958acde24bcd39eb57006f42245d2eacc15bb34c3979fefd0cfa7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ipa8

C2

http://www.desarrollosolucionesnavarro.com/ipa8/

Decoy

royalposhpups.com

univa.world

lanerbo.com

shopbabygo.com

theutahhomestore.com

serialmixer.icu

linfeiya.com

xn--12cg3de5c2eb5cyi.com

am-conseil-communication.com

dailygame168.com

therightmilitia.com

visions-agency.com

mapopi.com

frugallyketo.com

guapandglo.com

54w-x126v.net

your-health-kick.com

blockchainhub360.com

registernowhd.xyz

votekellykitashima.com

Targets

- Target
  
  Invoice-309-Ref-284.exe
- Size
  
  947KB
- MD5
  
  33d6b64658d6d65330aa45e745a07378
- SHA1
  
  4aac1e207c9bbcd0959901557ed3da64b950a091
- SHA256
  
  e6d6ba31c6a493196ef6147ee975e41970f069ce9abd2b114c115891be4d37e0
- SHA512
  
  4b062d9c1cfab5d98812b999d61d94648219e61b6aef17d073321ad8c4681ed84e1fd78d776958acde24bcd39eb57006f42245d2eacc15bb34c3979fefd0cfa7
Score

10^/10

xloader ipa8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2