xloader

Resubmissions

19-08-2021 07:54

210819-xjszwl4k3s 10

03-03-2021 07:28

210303-hw6lasxvmj 10

Sharing

Copy URL

Twitter E-mail

General

Target

20210303948387477467,pdf.exe
Size

218KB
Sample

210819-xjszwl4k3s
MD5

e79c5035be71a3d0f847fed5d05d64df
SHA1

d90242e0452ad5cc9c580c5829c67369b04e0258
SHA256

d0186c586f083b92225e7a7e3d357e84d7f756a3e7fd76c5edca5f3e1e702ada
SHA512

46f36c6dd994a80b657ddd198c9ea9d290afef4ce98b4961c843b42f26b5f96b1bc3063c2e9e26775c4e373f2d4e830e5f57fcfb897c8f2f08e65a28d587798e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gh6n

http://www.aslionlinestore.com/gh6n/

Decoy

cpschoolsschoology.com

thestocksforum.com

pixiewish.com

sopressd.com

muktokontha.com

tiejiabang.net

fdo.technology

kuringnl.com

barbarapastor.com

21stcenturytrading.com

digiwarung.com

canvafynyc.com

forfaitinghouse.com

3704368.com

mymonwero.com

ponpow.com

fringe.golf

heartfeltindonesia.com

defensivedrivercpc.com

allaboutgt.com

Targets

- Target
  
  20210303948387477467,pdf.exe
- Size
  
  218KB
- MD5
  
  e79c5035be71a3d0f847fed5d05d64df
- SHA1
  
  d90242e0452ad5cc9c580c5829c67369b04e0258
- SHA256
  
  d0186c586f083b92225e7a7e3d357e84d7f756a3e7fd76c5edca5f3e1e702ada
- SHA512
  
  46f36c6dd994a80b657ddd198c9ea9d290afef4ce98b4961c843b42f26b5f96b1bc3063c2e9e26775c4e373f2d4e830e5f57fcfb897c8f2f08e65a28d587798e
Score

10^/10

xloader gh6n loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2