xloader

General

Target

COURT-ORDER#S12GF803_zip.exe
Size

415KB
Sample

210924-w6mfdahefn
MD5

5595049f8983e6731ea2e87a96444375
SHA1

cb3be0eac5d0dc5fa65c8053642d9c93fe305e31
SHA256

8d8be917722d690ef358f41bb560c72285a73331b4cc1b975cc76dcaef68b912
SHA512

b48082267a437d191768d9b5a09fd2d3e1aba059809ed166382ddf2fed7039e517834eb1ebba425614b9e44dd94430e55e247e13824705277e6e7706349f76ab

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u86g

C2

http://www.springgrowmeanairway.net/u86g/

Decoy

4tnoxrox.com

ff130.com

grapevinecrisiscare.com

system91.com

blondedocfabprivacypolicy.com

amphorabeverageservices.com

cvacity.info

cbghemppills.com

iowaconcertofhope.com

theilerablog.com

bg1133.com

jenniferkristinphotography.com

wnj.xyz

khdoctor.com

mittelstandsgestaltung.com

mimikis.info

my-data.pro

nativesonlabs.com

thelincmagazine.com

dsfrederick.com

Targets

- Target
  
  COURT-ORDER#S12GF803_zip.exe
- Size
  
  415KB
- MD5
  
  5595049f8983e6731ea2e87a96444375
- SHA1
  
  cb3be0eac5d0dc5fa65c8053642d9c93fe305e31
- SHA256
  
  8d8be917722d690ef358f41bb560c72285a73331b4cc1b975cc76dcaef68b912
- SHA512
  
  b48082267a437d191768d9b5a09fd2d3e1aba059809ed166382ddf2fed7039e517834eb1ebba425614b9e44dd94430e55e247e13824705277e6e7706349f76ab
Score

10^/10

xloader u86g loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2