xloader

General

Target

PAYMENT COPY.exe
Size

1.1MB
Sample

210920-yr43zshher
MD5

dd9dd4dc96b829fb76c94d93549077a3
SHA1

ab1b5e44e32b93b10f1697ef407e4e846da30226
SHA256

bf335484cc9fdfc68bda67acbe6eab1f65f0f7dd7043b3aff47b47201ca531c5
SHA512

e93f9a7258f1645df87976c73aae2b0ece10f9093ce6e28eb6df6e9bc7604df2df1b2d8902604b5c53c4e9684c1da988798ca5da4afb05dddd5c063cb64b5529

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  PAYMENT COPY.exe
- Size
  
  1.1MB
- MD5
  
  dd9dd4dc96b829fb76c94d93549077a3
- SHA1
  
  ab1b5e44e32b93b10f1697ef407e4e846da30226
- SHA256
  
  bf335484cc9fdfc68bda67acbe6eab1f65f0f7dd7043b3aff47b47201ca531c5
- SHA512
  
  e93f9a7258f1645df87976c73aae2b0ece10f9093ce6e28eb6df6e9bc7604df2df1b2d8902604b5c53c4e9684c1da988798ca5da4afb05dddd5c063cb64b5529
Score

10^/10

xloader c2ue loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2