xloader

General

Target

PROFOMA INVOICE.zip
Size

424KB
Sample

210924-m591lsggaj
MD5

dfda7426ba9d09975bb3aec98ca01bff
SHA1

1c5231841280e53fbacc229038dbafca79f98909
SHA256

657b9a1c9c0fe3f47a7c23fd38ef1626ee6ff9fc3d964f92a1a3745790ac8105
SHA512

e646fb99096d471c67a476d32367e74a1448022cf87037804b4623343c4ba1df51c2caae4ea24dddd831aea40fe19b1dc9ed759b0721f2808db7680d0bda2b94

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c2ue

C2

http://www.heidevelop.xyz/c2ue/

Decoy

isportdata.com

stellarex.energy

hsucollections.com

menuhaisan.com

joe-tzu.com

lumichargemktg.com

uae.tires

rapidcae.com

softwaresystemsolutions.com

s-galaxy.website

daewon-talks.net

northgamesnetwork.com

catalogue-bouyguestele.com

criativanet.com

theseasonalshift.com

actionfoto.online

openmaildoe.com

trashpenguin.com

ennopure.net

azurermine.com

Targets

- Target
  
  PROFOMA INVOICE.exe
- Size
  
  866KB
- MD5
  
  24736913b455be2ed3d1cc67c767afc4
- SHA1
  
  8026db0f265178cf013ac579c1b7267f4014bf2c
- SHA256
  
  a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b
- SHA512
  
  49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee
Score

10^/10

xloader c2ue loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2