xloader

General

Target

SOA.zip
Size

513KB
Sample

210920-pc9v9agffq
MD5

b4cffe7cd5126e9c9db734fd249c3363
SHA1

825259bedb73ba9f53658fc510caf74f0a0aaaab
SHA256

bac672bcf2fa44fe0e91368a6496b021aa410213e67fb6110eea30e7318a793a
SHA512

242b417d8b5c4c334bddfe19e62fa783b9847ba52940f8a046ad1579a08636e30d291dc1c78c7e80eccf907f7fce6174dde954a8d15047f4873d89e8a7274a4b

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  SOA.exe
- Size
  
  1.3MB
- MD5
  
  01b0dffa7c000f4d55544eb38f8ab238
- SHA1
  
  cfa6ae5441f0c41d5d92e0fab0eb90b44e0d621e
- SHA256
  
  f1540e89eeb7046cd265d37ef63a6d282a1ff8a89875193ae775582e74205594
- SHA512
  
  d55c5d8e942d5dfe74a4ece63b707fa2a6f5d8551ed268d08eab9258ab9d91371d13a2dd447eb860b71bcbb125d5a1948b61bf40a2b7321dde7d6d2ce83cb526
Score

10^/10

xloader c2ue loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2