xloader

General

Target

Ordine allegato.exe
Size

907KB
Sample

210930-lc2yvshbhm
MD5

01c66819d65c1ef79104a2c1e3520e46
SHA1

0382eb0aec349646bd5065d03adad7bb8603c977
SHA256

d6dc7cd7605c5f0c4f4edb58a1662ea00f707e563a339bbcb294b01c44c1ace7
SHA512

b988afd50d0da87dcd0b3228841511cb31aa9f31536c8664c346268fc3fe858e36469b81e6ef81f68b121602076a0808c3092e4ad5b76f6ed65bb59f0544331c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

C2

http://www.finetipster.com/pvxz/

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  Ordine allegato.exe
- Size
  
  907KB
- MD5
  
  01c66819d65c1ef79104a2c1e3520e46
- SHA1
  
  0382eb0aec349646bd5065d03adad7bb8603c977
- SHA256
  
  d6dc7cd7605c5f0c4f4edb58a1662ea00f707e563a339bbcb294b01c44c1ace7
- SHA512
  
  b988afd50d0da87dcd0b3228841511cb31aa9f31536c8664c346268fc3fe858e36469b81e6ef81f68b121602076a0808c3092e4ad5b76f6ed65bb59f0544331c
Score

10^/10

xloader pvxz loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2