xloader

General

Target

UPDATED e-STATEMENT.zip
Size

423KB
Sample

210921-xww3hadabj
MD5

8ddba92498a7e520add6a6282da6c0a7
SHA1

d8d630865fc1a4ae35bab1ec78ee7f9c281f28a0
SHA256

9df620d5b8242e70e68eace1a0cf43acbf72145ba2a354bc42d7e4bb6bee126b
SHA512

7c2d63993df57351f217791114bb962f3276ebe89a189452afe2ce5377b2c6d947ce2af28111241596781a8f29936b6b04922a5778bce5ceb222df6c1dd75fb2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  UPDATED e-STATEMENT..exe
- Size
  
  872KB
- MD5
  
  a3279da350cf134f736629e5e55c0a41
- SHA1
  
  d28cc3a2cc3e16cf38634cab8db41aacebf4709b
- SHA256
  
  fc9f8f3e66f8ea09953b7b5eba261ff36eb9a78a5f92787eb879420ee3bad581
- SHA512
  
  248040d33716b6f7fb5c0764380c67489d2acdc52784b2d8020faa57f09edc383ab7ecd85c297ef2516698e2cfa92e7d8edc8fc0c510263e5a2b91e1f650d79b
Score

10^/10

xloader c2ue loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2