xloader

General

Target

PO-TFL39043.iso
Size

406KB
Sample

211025-scqzxshbfr
MD5

4c49eee470ce69a4a38d14e2022fc87f
SHA1

77bab2c72a03a3b9a45b1778bb6ef796dbbaae02
SHA256

d33a2ebb9433efe141931ba40d9395a7039d476111e99f557f139052cb5ef612
SHA512

d786948a2b8e26ee747c7b2be27626169c251660da2607d3c3cfe5ca8c3e83f4199cb535f34d0eb9a1fe2c21ba771146f799b096cf8628e4fc9d6710f76b195c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p208

C2

http://www.thaoduochuyetap.online/p208/

Decoy

thegaleriaon17.com

daughtersweekend.com

decisionmatrixtool.com

hollandmedia.services

yishengkeji.xyz

tiffanyszerszen.com

facetofacemodels.xyz

interiorsfurnituredubai.com

8p9s8yiotjqkw4wd.com

immobillienpate.com

annmariegrindart.com

hesenna.com

codechunx.com

vollabi.com

leishasart.com

marschaleine.com

rootpresidential.xyz

sharingtechnology.net

smartlifetokens.net

mylocalshit.com

Targets

- Target
  
  PO-TFL39043.exe
- Size
  
  344KB
- MD5
  
  f9ca5c26a7b036d6ed12428e9415e57a
- SHA1
  
  9f2a5bb76a351b8bedbd29125283631346117115
- SHA256
  
  301c57782851a93d5b229fc921d1953a9c650131f6a3dfad1176705e5a99fb38
- SHA512
  
  0691723bd263abcd628ee579ee96f7238e823a46f8c08004e0670f3179480cfd16bd508da72b0d37889f54b5deea2b54ec86e53627b06355e08b043173b24821
Score

10^/10

xloader p208 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2