xloader

General

Target

Cargill PO 7885 pdf.exe
Size

1.2MB
Sample

210826-gz5jajsvgs
MD5

f336298269351704e8a3f7a5f071c82d
SHA1

ee8ba4b276bfb69be97518c994d9536eebc76e53
SHA256

837d5ed2867ffbf6b718264ecc27e620ffd9d14b1a4d2255f56b04181713830f
SHA512

3c0bdfc2e2df3426300e1642124b10a818dea0f62691868f48b4f7b409587060f03ede4d050b0cc1ba2883ccbdb66eb310b55f42da21bd490493edf0be9728f8

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

k8b5

C2

http://www.chongzhi365.com/k8b5/

Decoy

sardamedicals.com

reelectkendavis4council.com

coreconsultation.com

fajarazhary.com

mybitearner.com

brightpet.info

voicewithchoice.com

bailbondscompany.xyz

7133333333.com

delights.info

gawlvegdr.icu

sdqhpm.com

we2savvyok.com

primallifeathlete.com

gdsinglecell.com

isokineticmachines.com

smartneckrelax.com

gardenvintage.com

hiphopvolume.com

medicapoint.com

Targets

- Target
  
  Cargill PO 7885 pdf.exe
- Size
  
  1.2MB
- MD5
  
  f336298269351704e8a3f7a5f071c82d
- SHA1
  
  ee8ba4b276bfb69be97518c994d9536eebc76e53
- SHA256
  
  837d5ed2867ffbf6b718264ecc27e620ffd9d14b1a4d2255f56b04181713830f
- SHA512
  
  3c0bdfc2e2df3426300e1642124b10a818dea0f62691868f48b4f7b409587060f03ede4d050b0cc1ba2883ccbdb66eb310b55f42da21bd490493edf0be9728f8
Score

10^/10

xloader k8b5 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2