xloader

General

Target

SWIFT MT103_Pdf.exe
Size

652KB
Sample

210907-ttxpgagbdp
MD5

bde47c8cf36ec091efbf5891096efa05
SHA1

98fff03b63be37a6e2772fc62cb933361f615f4f
SHA256

c4fbb69a5b90c147f3c92ef7dd08f18d1a8dede5a347ea788160a76bcd6aa44e
SHA512

30297d5b9d15b5196791843eb45d1895ed9d2d38b1157a15bf3f0c6d769355c8c901e9f04d943d26f191b5cde7ec6305842aaf9207426406a8b89036d2dd8c04

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u86g

C2

http://www.99356a.com/u86g/

Decoy

agenciaplim.com

fastpage.info

tiantianbd.com

hanedanpirlanta.com

project1accessories.com

rebeccadoumet.com

vrdnfz.com

jeaninesatl.com

isaakwallihconstruction.com

aegis.cloud

tigerandsnow.com

thehappyadventurer.com

ahhazu.com

hiveplushoney.com

k-plan-ning.com

peresvet.one

darkworkcustoms.com

deathbok.com

blackinkswizz.com

077sb.com

Targets

- Target
  
  SWIFT MT103_Pdf.exe
- Size
  
  652KB
- MD5
  
  bde47c8cf36ec091efbf5891096efa05
- SHA1
  
  98fff03b63be37a6e2772fc62cb933361f615f4f
- SHA256
  
  c4fbb69a5b90c147f3c92ef7dd08f18d1a8dede5a347ea788160a76bcd6aa44e
- SHA512
  
  30297d5b9d15b5196791843eb45d1895ed9d2d38b1157a15bf3f0c6d769355c8c901e9f04d943d26f191b5cde7ec6305842aaf9207426406a8b89036d2dd8c04
Score

10^/10

xloader u86g loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2