xloader

General

Target

Bank Detail.r00
Size

559KB
Sample

210923-hvnbmsabfl
MD5

8d24bb63158d4b154a57b1fab989c174
SHA1

64dda2f4b6fdd36a971d217bdf7916c61088b9c2
SHA256

36ce9036dc3f761e10f1a795451aa70aa689aa988e3ec78092749db4e02142d4
SHA512

f718ce26c6b6c458bd63dc1f45ce506c2d2fd4acbb9d19caaa57ea82ba7faf66fdaacc08a16be8708f6c639f3d2f6e08477098d3698448be583abf51cf917a6e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gjeh

C2

http://www.getaudionow.com/gjeh/

Decoy

carmator.com

bsbqrp.com

siemens-mp.com

dunnfloorcoverings.com

cpassminimedicalschools.info

howtodesignyourhomeoffice.com

famliytaste.com

freesocialmarketing.com

jejuhaenyeo.net

tradebot.icu

arzug.com

carrefour-solucoes.online

ladyom.com

aoironote.com

newmexicocarwreckattorney.com

wealthpatternsllc.net

thinkpinkalicous.com

prajapati.company

bjhwky.com

jsdigitalekuns.com

Targets

- Target
  
  onxyPs4yG1MUPbN.exe
- Size
  
  751KB
- MD5
  
  dcf0af8133ef8884811ad04f6c4274e8
- SHA1
  
  65c24521f2670260e9abe932c639f51b0847971b
- SHA256
  
  115716164b2092df207c750d11a2b4ce05bee204b7f21f1f62d93a5b7d78afa1
- SHA512
  
  1ff607115b6a831783f6273a7ab84bd6d9899d2ef6fcea96e1449a9ee692b74e0405a9a17349275ef6ae588fd9aaf4aa7fd29c767619502ba73ea31b24c61514
Score

10^/10

xloader gjeh loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2