xloader

General

Target

Purchase Order.exe
Size

723KB
Sample

210904-g4btjahbam
MD5

79dae9895308abef58a532de53032573
SHA1

3ad252d19fd95dad926d426662a0d5168a94133d
SHA256

d634969bc2a0130a49885595394a5543e8a21458db2474dc909431b3ca9d0df4
SHA512

b4ae73859fd3f866a54570c0346c976aff0aadda00bdfa082e89052724f0c3a28643385ef03ebc56fb7bf62d182063573e25de246260c20ad1e190f77e67a4ca

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bp39

C2

http://www.piadineriae45.com/bp39/

Decoy

glembos.com

adjud.net

beautifyoils.com

chilewiki.com

duxingzi.com

happygromedia.com

restpostenboerse.com

vowsweddingofficiants.com

ladingjiwa.xyz

keepmakingefforts-001.com

yeniao.net

eyildirmaz.com

sayanghae.com

promoteboost.com

lzft.net

proudindiacompany.com

birchwoodmeridianlink.com

mesinionisasi.com

wwwrigalinks.com

wewearthepants.com

Targets

- Target
  
  Purchase Order.exe
- Size
  
  723KB
- MD5
  
  79dae9895308abef58a532de53032573
- SHA1
  
  3ad252d19fd95dad926d426662a0d5168a94133d
- SHA256
  
  d634969bc2a0130a49885595394a5543e8a21458db2474dc909431b3ca9d0df4
- SHA512
  
  b4ae73859fd3f866a54570c0346c976aff0aadda00bdfa082e89052724f0c3a28643385ef03ebc56fb7bf62d182063573e25de246260c20ad1e190f77e67a4ca
Score

10^/10

xloader bp39 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2