xloader

General

Target

Package Details.exe
Size

432KB
Sample

220119-ctm2laegfp
MD5

238a711fcfa7ed1c1556236e91227193
SHA1

fd5a53af42d006ba81383e4b4224d2b4807f3f01
SHA256

c08635756f84fd0564e081544cb5c5b2130d14b1a0965be3f971be131f401b70
SHA512

bda31ced6f234ff81e4957d297d29018caeed9053d5061505b84729118774885245b6fe2604dd010de3e6f81f7f39b78e2de5000d1a10d992c5b9d3974fffee3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rexd

Decoy

xn--2es77o3w1bruk.mobi

cotesaintetienne.com

newlifefoursquaremcpherson.com

solutions-consulting.biz

chsico.com

demeet.xyz

eiruhguijire.store

realestatemoda.com

amr-fire.net

99v.one

altdaita.com

showerbeast.com

nsfone.com

doanhnhanvietnam.info

xn--transfpanou-39a.com

invitiz.com

chifaebio.xyz

footprint-farm.com

onlinenurseprograms.com

tigeratlspa.com

Targets

- Target
  
  Package Details.exe
- Size
  
  432KB
- MD5
  
  238a711fcfa7ed1c1556236e91227193
- SHA1
  
  fd5a53af42d006ba81383e4b4224d2b4807f3f01
- SHA256
  
  c08635756f84fd0564e081544cb5c5b2130d14b1a0965be3f971be131f401b70
- SHA512
  
  bda31ced6f234ff81e4957d297d29018caeed9053d5061505b84729118774885245b6fe2604dd010de3e6f81f7f39b78e2de5000d1a10d992c5b9d3974fffee3
Score

10^/10

xloader rexd loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2