xloader

General

Target

Invoice.exe
Size

376KB
Sample

211029-lwmnaahgfm
MD5

d316b55036ed7571bf26849eb0ae463b
SHA1

9b9e1398a81f5692caaf168023311e78fba2b193
SHA256

f82263cd92ff85163569edb0eae620d23858d5958bb88b5bb205e6660d1e8822
SHA512

4037268abc4c9a08d1c8cb2ac87ea239c4315999ef315fe08a2b1c9eac34163a318c9cbfdcb4a11477b0388527f0f15572325b6a9e75fb117765550e48e5ef56

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ku75

C2

http://www.majesticgolftours.com/ku75/

Decoy

brews4you.net

underdogpride.com

ej-anders.com

celescope.com

misguidedmarket.com

chaoqiangjixie.com

goldingravel.com

sliceofheavenmenu.com

playlovely.com

modern-elementz.com

privateschoolsofmanila.com

calguardbeta.com

greekowner.com

enrisi.com

musicway.digital

cryptohealthpass.com

kinchipectic.quest

sherwoodstory.online

consultordeimoveis.online

selfhealthcare.club

Targets

- Target
  
  Invoice.exe
- Size
  
  376KB
- MD5
  
  d316b55036ed7571bf26849eb0ae463b
- SHA1
  
  9b9e1398a81f5692caaf168023311e78fba2b193
- SHA256
  
  f82263cd92ff85163569edb0eae620d23858d5958bb88b5bb205e6660d1e8822
- SHA512
  
  4037268abc4c9a08d1c8cb2ac87ea239c4315999ef315fe08a2b1c9eac34163a318c9cbfdcb4a11477b0388527f0f15572325b6a9e75fb117765550e48e5ef56
Score

10^/10

xloader ku75 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2