xloader

Resubmissions

24-09-2021 12:38

210924-pt7gfshae9 10

10-09-2021 09:24

210910-lc3kdschfl 10

Sharing

Copy URL

Twitter E-mail

General

Target

ledger.exe
Size

746KB
Sample

210910-lc3kdschfl
MD5

bb7bbc40aef8439092e6345d3428c975
SHA1

9bf46b95ff700e57bc0e38d5133577bfad260ea2
SHA256

b194903f2fb1231113b2cffdd6cf47e25d4d9f99675654f70865b1f3d0a9160c
SHA512

a1ed9eac420f49c4e101ddfb84a1b148a2c05a0999553978528cc1976f3027325b0944c721696ddc1b73b68bcc9766dcb884414efae70543ae7023f34130632f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

http://www.biosonicmicrocurrent.com/n58i/

Decoy

electrifyz.com

silkpetalz.net

cognitivenavigation.com

poophaikus.com

orchidiris.com

arteregalos.com

dailybookmarks.info

gogoanume.pro

hushmailgmx.com

trjisa.com

notontrend.com

2020polltax.com

orderhappy.club

panggabean.net

govsathi.com

hrsbxg.com

xvideotokyo.online

lotteplaze.com

lovecleanliveclean.com

swaphomeloans.net

Targets

- Target
  
  ledger.exe
- Size
  
  746KB
- MD5
  
  bb7bbc40aef8439092e6345d3428c975
- SHA1
  
  9bf46b95ff700e57bc0e38d5133577bfad260ea2
- SHA256
  
  b194903f2fb1231113b2cffdd6cf47e25d4d9f99675654f70865b1f3d0a9160c
- SHA512
  
  a1ed9eac420f49c4e101ddfb84a1b148a2c05a0999553978528cc1976f3027325b0944c721696ddc1b73b68bcc9766dcb884414efae70543ae7023f34130632f
Score

10^/10

xloader n58i loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2