xloader

General

Target

SOA[1].r15
Size

510KB
Sample

211025-k3ck8agham
MD5

0c48ec3f7bc26f4995b5dd4324fdbe87
SHA1

740db2e57a1e10b5d29d001ef903d95157db70c4
SHA256

3ed36b8022b12ec4f03856980ae7bcbdd4b0e192bc7c0dbf4b4c190e24b5eac0
SHA512

a2129a397bb2e57482933cc9943ae735834ac7b35584ef15f3099b5080d47537e7fb39efe01d11b6cfc75d03feca52d52a87ea3b063be48539ab59168e571ba4

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

imm8

C2

http://www.hideserthealthinsurance.com/imm8/

Decoy

ewgnkxdgtqfspem.com

patxipiruli.com

eejy.ltd

parc-pro.com

kdcindia.com

dimathi.com

majesticreinsstable.com

zhaoyun.xyz

starfroot.com

dikanwang.com

420moxielane.com

danilaschembri.com

stablecoinreviews.com

camham.co.uk

happyspaces4life.com

ivonina.com

businesszukai.com

dietkusimple.com

nomeasureu.com

youthcampresources.com

Targets

- Target
  
  SOA.exe
- Size
  
  580KB
- MD5
  
  a0661a2081100ffcb2a6f012237c4955
- SHA1
  
  2331112fa3c9357aaba68c3d7402b112c705c72a
- SHA256
  
  11f0960531aa51e1fc9e04c007c60d731d309baa35e90d9d4e9c49feff74d47d
- SHA512
  
  dd3173fd770ec1601a6b454d450ce8118c596b3e72ead12c79df5f3dd4165be9892b8273775b9da1aa6136a55898bfb31a4da2c16e15303b402c00e9b117b774
Score

10^/10

xloader imm8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2