xloader

General

Target

remittance advice_001001098.exe
Size

331KB
Sample

211126-ppg11acccn
MD5

7877a7074c688baf439f7ec1ab150682
SHA1

6c2539fb927b57388866f1c072cdf681b585fb2a
SHA256

08ade6bd3efcd20c80defdde936ef1329713af42d28889ffb69ba26b321a297f
SHA512

6e5dff775fe478634fc3553b0bed3e9e9fda7a956cc17743f2b1b27e06256008ba7bc229d55a409cb710f078c97b70bb709c764b9fc144c0700d77dab6f83402

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e8ia

C2

http://www.helpfromjames.com/e8ia/

Decoy

le-hameau-enchanteur.com

quantumsystem-au.club

engravedeeply.com

yesrecompensas.lat

cavallitowerofficials.com

800seaspray.com

skifun-jetski.com

thouartafoot.com

nft2dollar.com

petrestore.online

cjcutthecord2.com

tippimccullough.com

gadget198.xyz

djmiriam.com

bitbasepay.com

cukierniawz.com

mcclureic.xyz

inthekitchenshakinandbakin.com

busy-clicks.com

melaniemorris.online

Targets

- Target
  
  remittance advice_001001098.exe
- Size
  
  331KB
- MD5
  
  7877a7074c688baf439f7ec1ab150682
- SHA1
  
  6c2539fb927b57388866f1c072cdf681b585fb2a
- SHA256
  
  08ade6bd3efcd20c80defdde936ef1329713af42d28889ffb69ba26b321a297f
- SHA512
  
  6e5dff775fe478634fc3553b0bed3e9e9fda7a956cc17743f2b1b27e06256008ba7bc229d55a409cb710f078c97b70bb709c764b9fc144c0700d77dab6f83402
Score

10^/10

xloader e8ia loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2