xloader

General

Target

1ZA109T4043832978.exe
Size

870KB
Sample

210929-q7lbtafcak
MD5

b9c97800cf3e146a5ab333672363db14
SHA1

545da9f150fcdf0994b87d09b26963c3a2788665
SHA256

5f849b2eff2280adf1041388bbad6fc2e4f047c36b6d942ecd4e07946352049c
SHA512

65f5ed4a6ebfb6125faa6f347070d391c5ec883f84603777605da2790cb8bf90c372e8d1bb86447479e2ddb3d63ea6b4fb089667a0fdb7ed6587b2416c7a7fb5

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tr7h

C2

http://www.globalinterchangellc.com/tr7h/

Decoy

hnhstudios.com

du-lang.com

lonestartradeoilllc.com

criptool.online

rebus-automotive.com

boxedwallconsepts.net

helixarray.com

jinqiaodianfen.com

goldenwaxi.com

comprarloterianacional.com

digebitdigital.com

cryptoupp.com

332151.com

bousui.club

redakassoumeh.com

giantinosglobalreachstore.com

resultsnft.com

papicolar.com

juvesti.com

tax-kaikei.com

Targets

- Target
  
  1ZA109T4043832978.exe
- Size
  
  870KB
- MD5
  
  b9c97800cf3e146a5ab333672363db14
- SHA1
  
  545da9f150fcdf0994b87d09b26963c3a2788665
- SHA256
  
  5f849b2eff2280adf1041388bbad6fc2e4f047c36b6d942ecd4e07946352049c
- SHA512
  
  65f5ed4a6ebfb6125faa6f347070d391c5ec883f84603777605da2790cb8bf90c372e8d1bb86447479e2ddb3d63ea6b4fb089667a0fdb7ed6587b2416c7a7fb5
Score

10^/10

xloader tr7h loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2