xloader

General

Target

Order Confirmation with Invoice & Packing List.Pdf.iso
Size

620KB
Sample

210924-jmjh6agcen
MD5

e64d7b9859cbb9d141d061f3e6afbd0e
SHA1

1d78d07375311deb0597827283385f7634c91de3
SHA256

7effdc483443a8b60d6d9646cc133f1861ab331a384a397adb62f609d61662fa
SHA512

6a92182c9ef3643d79683f893a530e3b401cacdf2b8c28443be132caf8cd21382a96cb081ddc916bf2e13d6f4abc0a9a7ff0dd65a79c04b1c42e26b4520828fc

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ny9y

C2

http://www.caddomain.com/ny9y/

Decoy

prelovedboutiqe.com

zhantool.com

grypeguidgorge.com

aa6588.com

privateerspacecompany.space

phil-goodman.com

jckabogados.com

familybeautifull.com

probinns.com

angelika-fritz.online

mygeeb.com

481344.com

freesoft.pro

extracter.store

fasxpay.com

hnjxcd.com

wfot2002.com

worldexecutor.com

tongxintachangjia.com

zachtippit.com

Targets

- Target
  
  Order Confirmation with Invoice & Packing List.Pdf.exe
- Size
  
  559KB
- MD5
  
  91395b2b8907c3d08e2d6b4da9931a9c
- SHA1
  
  801c292d0673c8ec990fa9dab1ebaae122dbc552
- SHA256
  
  387508d9f7c0d79b09bde31b037d1c43ceb1ce799a0cc94a77a20226477b47f7
- SHA512
  
  0d95e0a195c1707c37cfecbe9d241f80935f25f1c8073eaa510c3ddd95c3deecd2e85f9ca5bb9387238935c78b29f164261da22e933aa2d65ccde1c7b3ea89eb
Score

10^/10

xloader ny9y loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2