xloader

General

Target

P. Order & Contract (A-4553) PDF.exe
Size

388KB
Sample

211021-f1ewcaagan
MD5

2b7aa1c3ad41c61590c7e8788717f3a3
SHA1

b25e8d174baa57079f2886d76ccf45248269d5d3
SHA256

4d9cbe2a33087ef1552af182cd03bbbe5bba8d01f5eb11c25c3eb3eb72008a7c
SHA512

67939ee05ad3baf7115f46cc85fabcff97b65836dd7ef8eedbfa9b114adca3376152bf00db3bf4d47976287b1d0ba1ed1960f036043fab392e5784a637f30084

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r3n5

C2

http://www.keeyasmarketplace.com/r3n5/

Decoy

peterjhill.com

bleednavy.com

a6d83.top

koudoula.store

albawardl.com

j-sdigitalekuns.net

0wzr2dglc.com

xd16880.com

safepostcourier.com

seuic.net

hainansousou.com

meuexamor.com

strategicthinking.coach

tabliqatbama.com

kidzplan.com

non-toxicnailpolish.com

bwgds.com

behindhereyesphotography.com

age-oldpklduy.xyz

lesconfidentialistes.paris

Targets

- Target
  
  P. Order & Contract (A-4553) PDF.exe
- Size
  
  388KB
- MD5
  
  2b7aa1c3ad41c61590c7e8788717f3a3
- SHA1
  
  b25e8d174baa57079f2886d76ccf45248269d5d3
- SHA256
  
  4d9cbe2a33087ef1552af182cd03bbbe5bba8d01f5eb11c25c3eb3eb72008a7c
- SHA512
  
  67939ee05ad3baf7115f46cc85fabcff97b65836dd7ef8eedbfa9b114adca3376152bf00db3bf4d47976287b1d0ba1ed1960f036043fab392e5784a637f30084
Score

10^/10

xloader r3n5 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2