xloader

General

Target

RFQ - 1100195199 - 1100190914.exe
Size

373KB
Sample

211028-pzmdgagdak
MD5

0f3e620da62e90910e5ba126f927e84e
SHA1

60c1802a48d31314b47894214f89be2b20a2dc60
SHA256

c5d5cc8f818f3f07bd35e0255b59873957e37336ef4af224879023ecebec2342
SHA512

9f426f52ad331b28505ec13efc2e3f15a0fc5ddbd3481a254d19424daf5839520131478b57bc266d06410bb4396bc5af18af5916b2b78c3916dcc45486505511

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nc26

C2

http://www.tattooof.info/nc26/

Decoy

orangecountydeathmarch.com

blissbeautyuk.com

inarticulables.xyz

go-sbs02.com

annonces-pointvirgulefrance.com

ygcdyf.com

loftischoice.com

obesidadfceron.com

jaijin.com

kreditnekarticehr.com

proactiveline.com

sousouhenansheng.com

lynxvms.com

doujiu.xyz

getur-pckg.info

tremas25.com

jiayuesport.com

divyana.website

n1zk.xyz

benaatlc.com

Targets

- Target
  
  RFQ - 1100195199 - 1100190914.exe
- Size
  
  373KB
- MD5
  
  0f3e620da62e90910e5ba126f927e84e
- SHA1
  
  60c1802a48d31314b47894214f89be2b20a2dc60
- SHA256
  
  c5d5cc8f818f3f07bd35e0255b59873957e37336ef4af224879023ecebec2342
- SHA512
  
  9f426f52ad331b28505ec13efc2e3f15a0fc5ddbd3481a254d19424daf5839520131478b57bc266d06410bb4396bc5af18af5916b2b78c3916dcc45486505511
Score

10^/10

xloader nc26 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2