xloader

General

Target

REMITTANCE COPY.zip
Size

513KB
Sample

210920-pj5vwaggbj
MD5

84cf0e61d4caf67bbac9c4fdf04e2eb0
SHA1

b32c7a9fe4e551adafd55671e7c77839e6948e32
SHA256

3820bed6166132b08778f991f0d37eaf8038173775fb875b85ac37aed7d94bed
SHA512

b58100edcf399b22c448c35c0328d14d172b3d512c04971df959bc56fd061b8d05e13393d0f6408a832e52f2d2f772a0fdd334af7248592ecc4c9288a854d84a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  REMITTANCE COPY.exe
- Size
  
  1.3MB
- MD5
  
  01b0dffa7c000f4d55544eb38f8ab238
- SHA1
  
  cfa6ae5441f0c41d5d92e0fab0eb90b44e0d621e
- SHA256
  
  f1540e89eeb7046cd265d37ef63a6d282a1ff8a89875193ae775582e74205594
- SHA512
  
  d55c5d8e942d5dfe74a4ece63b707fa2a6f5d8551ed268d08eab9258ab9d91371d13a2dd447eb860b71bcbb125d5a1948b61bf40a2b7321dde7d6d2ce83cb526
Score

10^/10

xloader c2ue loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2