xloader

General

Target

5268651735416832.zip
Size

281KB
Sample

210901-ewf37dd6hs
MD5

c03bb9b9ddecd2d7758df2f1b47dc5ea
SHA1

2566bc7b0bf121113f9eae5eaf804f608dfeda5d
SHA256

0c22d955534174aaffc23beb8b9fcee098a6f450ed1e5ac792a28d866089a035
SHA512

1f532112032916ae39fd3eed911702623c2be26b38a19b01cdc46d53227b653e60499be86bbc8f1b626d46437247ca75a7d683230af287ba56491c996e75d928

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6a4

C2

http://www.miraculousventures.com/b6a4/

Decoy

reviewsresolutions.com

binhminhgardenshophouse.com

nebulacom.com

kadhambaristudio.com

viltoom.club

supmomma.com

tjszxddc.com

darlingmemories.com

hyperultrapure.com

vibembrio.com

reallycoolmask.com

cumbukita.com

brian-newby.com

abstractaccessories.com

marykinky.com

minnesotareversemtgloans.com

prasetlement.com

xplpgi.com

xn--gdask-y7a.com

uababaseball.com

Targets

- Target
  
  OFFICIAL PO 1143 FOB QATAR_jpeg.exe
- Size
  
  347KB
- MD5
  
  f826defd978e74a09d47ad5cbe2a6c93
- SHA1
  
  6892b6ebc8301ac535af2391aa0563453082fa4f
- SHA256
  
  2aa4e557d70c43b63c4c83dae89a00b09ded7c16317a30cce69d8b44c4ae2c2d
- SHA512
  
  44f3e9d07b4b520a5004c11ff903fa2868a423d062fc5f18c7faf0b45343d593db75a36b4585729b95488616a490af1facb66ad98a2d5f061b78021ba9f1c811
Score

10^/10

xloader b6a4 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2