xloader

General

Target

SWIFT COPY.r15
Size

841KB
Sample

210904-g8xa2ahbap
MD5

5a5bd5605fd97160dc6435a977b8917d
SHA1

ed5fb9dd749d92f35687bfe9e9de5e1f69b430e6
SHA256

21b77f4fd5bbd684068228d09d0d75962ccbb8e616062c461585d2bd9d8930bc
SHA512

4f8c82947eb8a1b8f28999a45f5284ee597709bc57c0f600acebbc2ac60de39fb4decea9769181cd055ee15fc7b47eace273371db090f799ec358802728a7a45

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.mack3sleeve.com/n58i/

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  SWIFT COPY.exe
- Size
  
  1019KB
- MD5
  
  db3b886ffd269fb799e29c5cffa9f5c2
- SHA1
  
  9008b552a083e5e6c31d601d99629d54a2b86adf
- SHA256
  
  e5087564339ba6df9121621508233b27e2cac0ef94afa68a3dc777792bc18389
- SHA512
  
  078f27749799daa0a58f8290342472d2294ba3f27e2bf61e5b2c092dd1aabc9fa9a2f901e020984d34877ea3e44f5018c7f47d56ce5130f1adf536702ffab51a
Score

10^/10

xloader n58i loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2