xloader

General

Target

Inquiry-URGENT.zip
Size

442KB
Sample

211002-ct5xeadegk
MD5

19b17876f701ae06ff22d8fa24790aa8
SHA1

20387eef3f68258589913d62a7b0b4ce01776247
SHA256

092556173667d99c032fc3698faa80242ddcc880b9854655c5f619355903c4ae
SHA512

96988712f4ca58920cb6892de467a8b7267572c346fd8efe5fca8d681f8deaef762eb1a63f0e63ebb261ae8a3e1a25113285666bb8674b0fb373c0d064ff2356

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b5ce

C2

http://www.rheilea.com/b5ce/

Decoy

advellerd.xyz

giasuvina.com

arab-xt-pro.com

ahsltu2ua4.com

trasportesemmanuel.com

kissimmeesoccercup.com

studyengland.com

m2volleyballclub.com

shyuehuan.com

elsml.com

blog-x-history.top

coditeu.com

allattachments.net

vigautruc.com

mentication.com

zambiaedu.xyz

filadelfiacenter.com

avlaborsourceinc.info

tameka-stewart.com

studio-cleo.com

Targets

- Target
  
  Inquiry-URGENT.exe
- Size
  
  617KB
- MD5
  
  7c347b3aba43cefc31e91fede356961b
- SHA1
  
  58bb9e282a8d6c95941d310a23010718901c58dd
- SHA256
  
  c18d5baf727358a8635a51fc7cfb4c3f4c90c78abcecf051feb4540323e98746
- SHA512
  
  94b6633784c888527aef5e3f4cba9d03b04118f43c0f6222b2c60e756fdb183fe88e9a9d940b95fb3ac2d85bee4a4a681ab8f77f4de85c9a722c8c8da9eaebe9
Score

10^/10

xloader b5ce loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2