xloader

General

Target

6269888674037760.zip
Size

485KB
Sample

211122-1jsq4aghcl
MD5

4377372b4e746d9f513395a34ebd8c5a
SHA1

a21851548c27449a4d78e2b8b632df83ad09f3f5
SHA256

cd11ff6fd92ca115b19fec46fbb9d1ef8540bc1e2ffc21ffcb46ef1f22482e0c
SHA512

32d92c48c9c5f90befb043e4139f657799e6bc3e26d0560a52b9ab0402db3e8d6de1875273868174c56e084e358f8f66f41e99a820eb03b21f5f4ea217daac6e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

re6p

C2

http://www.workwithmarym.com/re6p/

Decoy

jedidpress.com

firstimpression.global

iflycny.com

greenandskin.com

tt9577.com

sumidocpa.com

readsprouts.com

heavenlyhighcreations.com

jlhvz.com

ita-web.com

graeds.com

soundtolight.xyz

rajtantra.net

wearinganawesomewoman.store

hrappur.net

wangmiaojf.xyz

youtogo.xyz

mydeadzone.com

qenagypsum.com

kopijhony.com

Targets

- Target
  
  PO NOVEMBER 2021 22 PDF.exe
- Size
  
  1012KB
- MD5
  
  96423701a8a3e23e41a7e6d6542f2dc6
- SHA1
  
  6116c35ff15742f9373ec512e474331e2b1eeffe
- SHA256
  
  015174d2840ba0ff84b09efa54379b87fdb761a306d55ec707353f162b8ba39a
- SHA512
  
  cc0e48830c2c0d503ac37e8b6000eb4c8060c25a86abe72e1122b5bd2645f7855be267ec5ffcc28166389200228275a0d4ca13d38a1f1d08a95740a8c1987509
Score

10^/10

xloader re6p agilenet loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Deletes itself

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2