xloader

General

Target

PO 128.exe
Size

664KB
Sample

210907-ewc1hsehen
MD5

b28324fa7ead5dae86b30af4950c0faa
SHA1

130a7107cf6b22dddf6533f10b6e763bc59002aa
SHA256

55043fccaa51456c6d7b5aab6245b5cb74dde6cf3a6358f79aaddb81b6e320db
SHA512

f6b520c2b0b75b8678f4ad27796c24b644acd71d47fcb850b6c602927857d28551e0239ad2774afa2660794878a5adf48943d0529215accfd309bbda49ab6421

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.mack3sleeve.com/n58i/

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  PO 128.exe
- Size
  
  664KB
- MD5
  
  b28324fa7ead5dae86b30af4950c0faa
- SHA1
  
  130a7107cf6b22dddf6533f10b6e763bc59002aa
- SHA256
  
  55043fccaa51456c6d7b5aab6245b5cb74dde6cf3a6358f79aaddb81b6e320db
- SHA512
  
  f6b520c2b0b75b8678f4ad27796c24b644acd71d47fcb850b6c602927857d28551e0239ad2774afa2660794878a5adf48943d0529215accfd309bbda49ab6421
Score

10^/10

xloader n58i loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2