Resubmissions

  • 02/09/2021, 14:41
    210902-r2t77sadd5 10
  • 26/08/2021, 20:08
    210826-x63p7evsw6 10
  • 26/08/2021, 17:01
    210826-hhfzsjhlaj 10

Analysis

  • max time network
    292s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    26/08/2021, 20:08

General

  • Target

    xloader

  • Size

    124KB

  • MD5

    997af06dda7a3c6d1be2f8cac866c78c

  • SHA1

    fb83d869f476e390277aab16b05aa7f3adc0e841

  • SHA256

    46adfe4740a126455c1a022e835de74f7e3cf59246ca66aa4e878bf52e11645d

  • SHA512

    5df92bfc5ab9392b3f7d66f84f625a0de4fd19a2fa3df61fc5bad0e57cc657e4f86d1d5dac9cc57b98a80815a446edd426cf7a5ea5834e4f7ff338f51781f9bf

Score
10/10

Malware Config

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

  • Xloader Payload 1 IoCs

Processes

  • /bin/sh
    sh -c "sudo /Users/run/xloader"
    PID:465
    • /bin/bash
      sh -c "sudo /Users/run/xloader"
      PID:465
      • /usr/bin/sudo
        sudo /Users/run/xloader
        PID:465
        • /Users/run/xloader
          /Users/run/xloader
          PID:466
        • /bin/sh
          sh -c /var/root/.gJSXgBp/DvEpBdIXQp.app/Contents/MacOS/DvEpBdIXQp
          PID:467
          • /bin/bash
            sh -c /var/root/.gJSXgBp/DvEpBdIXQp.app/Contents/MacOS/DvEpBdIXQp
            PID:467
            • /var/root/.gJSXgBp/DvEpBdIXQp.app/Contents/MacOS/DvEpBdIXQp
              /var/root/.gJSXgBp/DvEpBdIXQp.app/Contents/MacOS/DvEpBdIXQp
              PID:467

Network

MITRE ATT&CK Matrix
