xloader

General

Target

Bank Slip 001.r15
Size

469KB
Sample

210907-f7bghafbfk
MD5

6671df3823037d5aa9b2e76006e2bd21
SHA1

5720514042238f143a4bb1c2a6602a2bf24d775b
SHA256

3bae9b893714983a989f2d82cbafe1166df96100ae5d05cb6914c8ad37528f7f
SHA512

def135362a5e69c1007feb6138094a6b132922c6e00286ce81ce889ef3e8a90722c821b6ec262aeae324a17904830fb6423c054186239f9054fd98897d27ed0b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

t75f

C2

http://www.vertexnailsblaine.com/t75f/

Decoy

onegolfsydney.com

kaizensportscoaching.com

mliacbjv.icu

rinstech.net

midas-parts.com

istmenian.com

ibrahimpike.com

herbspaces.com

gentleman4higher.com

workabusiness.com

isabusive.website

222555dy.com

lwhyzhzb.xyz

gabrielabravoillanes.com

hearthomelife.com

buildswealth.com

printitaz.com

l-mventures.com

baincot3.com

nstaq-labs.com

Targets

- Target
  
  grace $$.exe
- Size
  
  489KB
- MD5
  
  ba3c72780f80542fe09aeed80a9a56c6
- SHA1
  
  22bc724884cf52efe4c596bcd8ffdd155c783238
- SHA256
  
  c840ee368fcab5974485c16fc456b1dc1923cc5e113ce6a96f6f314a7ec5ac94
- SHA512
  
  a66602343d24dff4330551b900644ece8fe62059a88327ddac99fb0bc625a7eb3cfa6f3697beed4a0ec9f2f1f227f42dd4e36c43470cf4c71d38b6ad07ee15fd
Score

10^/10

xloader t75f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2