xloader

General

Target

Drawing.exe
Size

572KB
Sample

211020-ga6f2shehm
MD5

da60dccf62e5dd00e76531b6e0e74794
SHA1

a9bb11bbb6bcc1cb69b302bcec25ec29d770e6d4
SHA256

88f9f44e6cb13da79a3967ffa56a9d8c46d8d49623518df5e90c3d4cf72b3b79
SHA512

e6e25dbcc0b8669f781da4533783f5cf9abb568762837c03768369b4b9d99e4b637ff1a06f1829d53b683e2dc2ade14831bc5df804e42d2516f9ed96e6f6a74f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dq6e

C2

http://www.nihiufypsz.quest/dq6e/

Decoy

one80.center

buymorefun.store

wiew-bkjm.com

elvalordesertu.com

tallyeyeglassery.net

nuhive.net

supportsmercari.com

h5625.com

dfgroup.website

personlig-almanacka.com

gunpow3r.com

xn--tiergesttzt-0hb.com

mpochip.com

accreditslots.com

gameplancyber.com

clickonline.website

bhagyashreerestaurant.com

lunaenglish.online

kidsorange.com

reshapers.art

Targets

- Target
  
  Drawing.exe
- Size
  
  572KB
- MD5
  
  da60dccf62e5dd00e76531b6e0e74794
- SHA1
  
  a9bb11bbb6bcc1cb69b302bcec25ec29d770e6d4
- SHA256
  
  88f9f44e6cb13da79a3967ffa56a9d8c46d8d49623518df5e90c3d4cf72b3b79
- SHA512
  
  e6e25dbcc0b8669f781da4533783f5cf9abb568762837c03768369b4b9d99e4b637ff1a06f1829d53b683e2dc2ade14831bc5df804e42d2516f9ed96e6f6a74f
Score

10^/10

xloader dq6e loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2