xloader

General

Target

pay $.exe
Size

557KB
Sample

210910-mbyeqadadq
MD5

5f36a5d12506389cb097a59838155c52
SHA1

b4de1b62ee1775c0e10fe0442cd1b6b3ef75146b
SHA256

43d831616e23a03c055971bc1c7c9ae0e87f491976e72ce8fa0074610f004488
SHA512

0dd7386c15c606c465496ff837a9780efa889a117da31c93f388601483d7d8f473a3ef80a727f7ac0b039d272c4753abc3bac73bdd53bb109bd5515134dd7ff6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

t75f

C2

http://www.vertexnailsblaine.com/t75f/

Decoy

onegolfsydney.com

kaizensportscoaching.com

mliacbjv.icu

rinstech.net

midas-parts.com

istmenian.com

ibrahimpike.com

herbspaces.com

gentleman4higher.com

workabusiness.com

isabusive.website

222555dy.com

lwhyzhzb.xyz

gabrielabravoillanes.com

hearthomelife.com

buildswealth.com

printitaz.com

l-mventures.com

baincot3.com

nstaq-labs.com

Targets

- Target
  
  pay $.exe
- Size
  
  557KB
- MD5
  
  5f36a5d12506389cb097a59838155c52
- SHA1
  
  b4de1b62ee1775c0e10fe0442cd1b6b3ef75146b
- SHA256
  
  43d831616e23a03c055971bc1c7c9ae0e87f491976e72ce8fa0074610f004488
- SHA512
  
  0dd7386c15c606c465496ff837a9780efa889a117da31c93f388601483d7d8f473a3ef80a727f7ac0b039d272c4753abc3bac73bdd53bb109bd5515134dd7ff6
Score

10^/10

xloader t75f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2