xloader

General

Target

Order confirmation 49506.PDF.iso
Size

526KB
Sample

210924-lelpnageck
MD5

de0448c16540c8ec55e6af25078fbac8
SHA1

9865ac66e1ffab8324394b030b107f9e863c3fb1
SHA256

51cfb97e6e1e19e8a0c068bd0d3ef9710777718cb9048944cccdebdc4bd3f951
SHA512

10f20815961d24fc6b1d4203ba05b60e6037d36453a69e2c4019f424c370a00a9e81f87a52da788af718e8cbd31d5a60f9a98dfdf272862aef10d4e2952c5144

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ny9y

C2

http://www.caddomain.com/ny9y/

Decoy

prelovedboutiqe.com

zhantool.com

grypeguidgorge.com

aa6588.com

privateerspacecompany.space

phil-goodman.com

jckabogados.com

familybeautifull.com

probinns.com

angelika-fritz.online

mygeeb.com

481344.com

freesoft.pro

extracter.store

fasxpay.com

hnjxcd.com

wfot2002.com

worldexecutor.com

tongxintachangjia.com

zachtippit.com

Targets

- Target
  
  Order confirmation 49506.PDF.exe
- Size
  
  465KB
- MD5
  
  a88e3833ee5ccb2434ee90aa645a8894
- SHA1
  
  b6e78de80bbdc7748dfcbea47bc43593b587b075
- SHA256
  
  4dfab25d3ccff9a33396c252590c27c57f23f9a94b11ebd9834b23981b0908e6
- SHA512
  
  becf2614d5196c2b43f74c94f76cc0e9e21ffc75edd8a3ec8057a01ed9e8cfce755590228174692e4935861406627f7048fcf0294007b62148c5ece9f065af77
Score

10^/10

xloader ny9y loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2