xloader

General

Target

bank slip MT 101.rar
Size

500KB
Sample

210910-lkxdcachgk
MD5

ececf539dce6dbf542d7d5259c09cce2
SHA1

0292a897deab10e014bdc4be2a365c77f7708dde
SHA256

c23fc14c5b0ed7db4eef852f81174ea5526fced2694a85fec53f45d65273750f
SHA512

9c95a918e130701231cc51f3dd69f423a04425c2976c72bccc019e85d24cd18ddec4d15ee1e022dc62fbf23b152b2493cc7d4a7bedc8cb24328992acd89a6ec2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

t75f

C2

http://www.vertexnailsblaine.com/t75f/

Decoy

onegolfsydney.com

kaizensportscoaching.com

mliacbjv.icu

rinstech.net

midas-parts.com

istmenian.com

ibrahimpike.com

herbspaces.com

gentleman4higher.com

workabusiness.com

isabusive.website

222555dy.com

lwhyzhzb.xyz

gabrielabravoillanes.com

hearthomelife.com

buildswealth.com

printitaz.com

l-mventures.com

baincot3.com

nstaq-labs.com

Targets

- Target
  
  pay $.exe
- Size
  
  557KB
- MD5
  
  5f36a5d12506389cb097a59838155c52
- SHA1
  
  b4de1b62ee1775c0e10fe0442cd1b6b3ef75146b
- SHA256
  
  43d831616e23a03c055971bc1c7c9ae0e87f491976e72ce8fa0074610f004488
- SHA512
  
  0dd7386c15c606c465496ff837a9780efa889a117da31c93f388601483d7d8f473a3ef80a727f7ac0b039d272c4753abc3bac73bdd53bb109bd5515134dd7ff6
Score

10^/10

xloader t75f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2