Resubmissions
02-09-2021 14:41
210902-r2t77sadd5 1026-08-2021 20:08
210826-x63p7evsw6 1026-08-2021 17:01
210826-hhfzsjhlaj 10Analysis
-
max time network
152s -
platform
macos_amd64 -
resource
macos -
submitted
26-08-2021 17:01
General
-
Target
xloader
-
Size
124KB
-
MD5
997af06dda7a3c6d1be2f8cac866c78c
-
SHA1
fb83d869f476e390277aab16b05aa7f3adc0e841
-
SHA256
46adfe4740a126455c1a022e835de74f7e3cf59246ca66aa4e878bf52e11645d
-
SHA512
5df92bfc5ab9392b3f7d66f84f625a0de4fd19a2fa3df61fc5bad0e57cc657e4f86d1d5dac9cc57b98a80815a446edd426cf7a5ea5834e4f7ff338f51781f9bf
Malware Config
Signatures
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload 1 IoCs
Processes
-
/bin/shsh -c "sudo /Users/run/xloader"1⤵
-
/bin/bashsh -c "sudo /Users/run/xloader"1⤵
-
/usr/bin/sudosudo /Users/run/xloader1⤵
-
/Users/run/xloader/Users/run/xloader2⤵
-
/bin/shsh -c /var/root/.ATi8D2BH564L/elWP.app/Contents/MacOS/elWP1⤵
-
/bin/bashsh -c /var/root/.ATi8D2BH564L/elWP.app/Contents/MacOS/elWP1⤵
-
/var/root/.ATi8D2BH564L/elWP.app/Contents/MacOS/elWP/var/root/.ATi8D2BH564L/elWP.app/Contents/MacOS/elWP1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/private/var/root/.ATi8D2BH564L/elWP.app/Contents/Info.plistMD5
58f137fffefab27b124c17fa1dd4bbd0
SHA12d73d6f72072cdca74ec8d65b61484237013dcae
SHA256ede3724620e02ff9a7fd2989fb877f8bfa2178f24ff27ebcdebf65d24a6ec232
SHA512e21f8b3db4499cef816dc85954137e83d173c5648daa1575fc0f9fd9acf1887f212008093947bea6339e2e38126a82bfc3bd3a0d484f8b3e433a80014f2ed82a
-
/private/var/root/.ATi8D2BH564L/elWP.app/Contents/MacOS/elWPMD5
997af06dda7a3c6d1be2f8cac866c78c
SHA1fb83d869f476e390277aab16b05aa7f3adc0e841
SHA25646adfe4740a126455c1a022e835de74f7e3cf59246ca66aa4e878bf52e11645d
SHA5125df92bfc5ab9392b3f7d66f84f625a0de4fd19a2fa3df61fc5bad0e57cc657e4f86d1d5dac9cc57b98a80815a446edd426cf7a5ea5834e4f7ff338f51781f9bf