xloader

General

Target

Enquiry Reference Number 0025559278.zip
Size

379KB
Sample

211108-hx815agfdr
MD5

9654f165b29cc030d36b414d3c445734
SHA1

40c9fd4becfaea27f112f31dbe50fd309af0c7f7
SHA256

9afdb99019075297859112547af462379993b79cbae5f8f9076952c6f088646c
SHA512

cb79ba30f668676387638074ab9f33d618e7393e9bcf6cae403823ca033eac2f0f7f4e50fc1a7e5a31114b2195727775e936b8c8d8cf0c9d49ecfcfb967a23ac

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u0n0

C2

http://www.52xjg3.xyz/u0n0/

Decoy

learnwithvr.net

minismi2.com

slimfitbottle.com

gzartisan.com

fullfamilyclub.com

adaptationstudios.com

domynt.com

aboydnfuid.com

dirtroaddesigns.net

timhortons-ca.xyz

gladiator-111.com

breakingza.com

njjbds.com

keithrgordon.com

litestore365.host

unichromegame.com

wundversorgung-tirol.com

wholistic-choice.com

shingletownrrn.com

kapikenya.com

Targets

- Target
  
  Enquiry Reference Number 0025559278.exe
- Size
  
  744KB
- MD5
  
  cd9435966d20de265bc5f6f40daff4a3
- SHA1
  
  76cb2ab21a6009275ba3dcbe256a15a211833f35
- SHA256
  
  45790f1cc3cb37ecfe541981ddf9d25684d92576cceb6bdb809f345014de84f0
- SHA512
  
  95b3749be5950d52c3124df37971a0d03f3c7dd10168df13d9d2a2e523f6c435e51866207d9263f12164d86ab9e310ad098175ef59b9f1d83c678197cb44d528
Score

10^/10

xloader u0n0 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2