xloader

General

Target

Swift Copy.exe
Size

459KB
Sample

210910-f4bm4acedr
MD5

3b2a3fb863cf4f30e508e7be83d5adc7
SHA1

b81ab8811217e31a7ff73e6defd0c51b0ceba101
SHA256

acf3df7da4bdf99226ab8574e15d1145e46e28605afdf660f1fb19b1d061c386
SHA512

c24ad26caea342de74148c29f45a1891d19989f8af63ba51da2877ad7bcf65a2f4449f1b8f638d38efd5ce44e14b8dc58930fcb9fe53563eac26ce64f211214d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.biosonicmicrocurrent.com/n58i/

Decoy

electrifyz.com

silkpetalz.net

cognitivenavigation.com

poophaikus.com

orchidiris.com

arteregalos.com

dailybookmarks.info

gogoanume.pro

hushmailgmx.com

trjisa.com

notontrend.com

2020polltax.com

orderhappy.club

panggabean.net

govsathi.com

hrsbxg.com

xvideotokyo.online

lotteplaze.com

lovecleanliveclean.com

swaphomeloans.net

Targets

- Target
  
  Swift Copy.exe
- Size
  
  459KB
- MD5
  
  3b2a3fb863cf4f30e508e7be83d5adc7
- SHA1
  
  b81ab8811217e31a7ff73e6defd0c51b0ceba101
- SHA256
  
  acf3df7da4bdf99226ab8574e15d1145e46e28605afdf660f1fb19b1d061c386
- SHA512
  
  c24ad26caea342de74148c29f45a1891d19989f8af63ba51da2877ad7bcf65a2f4449f1b8f638d38efd5ce44e14b8dc58930fcb9fe53563eac26ce64f211214d
Score

10^/10

xloader n58i loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2