xloader

General

Target

DOC.LZH
Size

410KB
Sample

210904-tb73gshebm
MD5

244b7cc8418346d75cca9b4d169a5fba
SHA1

d85a351aea4eeb8d770220277e2ce3b1b980b486
SHA256

84ab5a7f638456782fd8cf6bbbb4e9a2f800abafeea42a075516d8f597fa26ce
SHA512

7068fe3ed782b7af54c7732cabd1019b3ccba99ae64a55474df1706892836d7aad333290a6bca4ada9c19bc7806197faf0aae1f085cf8154863719eb0eff9468

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.mack3sleeve.com/n58i/

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  DOC.exe
- Size
  
  688KB
- MD5
  
  5045cebda11fea245cfa92e2cc406119
- SHA1
  
  69512164421d2b9f911f66837cda9f1e18dd86c9
- SHA256
  
  1575d06ca2a52c1ff60058d6fba43712c2926ecd3f640710ed8f96ec3aaf57da
- SHA512
  
  c7febf7bd68c01f0471e2359d5db921745b096d441e35aa5384d98de7dc1a50549aaac70714fd9ab91c40e45b824425a2ff1b31f171b1d88de52d7849f5fc50c
Score

10^/10

xloader n58i loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2