xloader

General

Target

Payment Confirmation.exe
Size

867KB
Sample

210823-clepxkhlqn
MD5

fbc0a38898145f58ec52b75a6a0d4f58
SHA1

0e1b7baa19c708aada04ebe148575996eb5ee7cb
SHA256

7e99dc28bcc8be32fb1477bc6b67da52d67195e1e9ebc9612118a9e180675af7
SHA512

19dc73d78176cae92fa3e6223107a965e72cd54b26ce69cb47b4bc696e67afae4d9a35a927cd75d7df583bf062b5fa129c7d49bf3e565e26167633c91085107a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ubqk

C2

http://www.fireescapebk.com/ubqk/

Decoy

thewanderers.info

nowthinasten.com

salesnewage.com

fzgjx.club

transformationcamp.net

thewaltongroup30a.com

bitdoubler.info

elveronac.com

tabupolitico.com

thecureisweed.com

collegesupermatch.com

bbluedotpanowd.com

joakimrexperience.com

philorise.com

beelippy.com

glitchedcode.com

northwoodsremodeling.com

healrrr.com

precisadiagnostics.com

1crude.com

Targets

- Target
  
  Payment Confirmation.exe
- Size
  
  867KB
- MD5
  
  fbc0a38898145f58ec52b75a6a0d4f58
- SHA1
  
  0e1b7baa19c708aada04ebe148575996eb5ee7cb
- SHA256
  
  7e99dc28bcc8be32fb1477bc6b67da52d67195e1e9ebc9612118a9e180675af7
- SHA512
  
  19dc73d78176cae92fa3e6223107a965e72cd54b26ce69cb47b4bc696e67afae4d9a35a927cd75d7df583bf062b5fa129c7d49bf3e565e26167633c91085107a
Score

10^/10

xloader ubqk loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2