xloader

General

Target

70654 SSEBACT.r15
Size

477KB
Sample

210904-rt67sshdgk
MD5

c83fd5ac0b5dde662ebfeec5674e6a9f
SHA1

89c05ed4d15d08968be1128ec9f6cef1c77ad364
SHA256

8343e5f3b4087edbfca73992b4a93d0ec7c169d7e84ed9e9501986254dbd2d4c
SHA512

52ff5044f6d3c0cd22bdb30c6dad8560c833f855c12b0a4a104720702c304e8285f240a30979b797fd9230b994a922bcf8e4502a64d60924cb533e68c644e05b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.mack3sleeve.com/n58i/

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  70654 SSEBACT.exe
- Size
  
  495KB
- MD5
  
  cd487ac4410fcfff956806ec61a33de3
- SHA1
  
  b07ae144754d79fc09b4960a250c811b1c90dd5c
- SHA256
  
  db6988403e9bf2b750a78237f65394acafdd31173f013bbb789156d76c4d5eab
- SHA512
  
  956057023bf10477d6d3bb042d3edd1e4dd636ada7a6b07366cbffcf21d7895bcccb3a3cd72e40b07204ce52dc61c9c27bfda78c9f6cc8e76deb5b8873c2ae86
Score

10^/10

xloader n58i loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2