xloader

General

Target

Order-711493-pdf.pif
Size

296KB
Sample

220120-m71jyshfgr
MD5

7dc82eb8ad4d78c1fb2534eef4fb10fd
SHA1

a6f61ab9754a38151026dd6e94a97459723c8add
SHA256

32202111654172f16eab4a33849af61e651680218d44e657b719b56789976561
SHA512

7365a7a32a8c0227c70c93cc51a7a9235606af4c27acdceb531766dfad57b6f481f850b173f542c846d899f2172d60c8580f3febe3516d512500d3662fa92513

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uar3

Decoy

sgadvocats.com

mjscannabus.com

hilldaley.com

ksdollhouse.com

hotgiftboutique.com

purebloodsmeet.com

relaunched.info

cap-glove.com

productcollection.store

fulikyy.xyz

remoteaviationjobs.com

bestcleancrystal.com

virtualorganizationpartner.com

bookgocar.com

hattuafhv.quest

makonigroup.com

officecom-myaccount.com

malgorzata-lac.com

e-learningeducators.com

hygilaur.com

Targets

- Target
  
  Order-711493-pdf.pif
- Size
  
  296KB
- MD5
  
  7dc82eb8ad4d78c1fb2534eef4fb10fd
- SHA1
  
  a6f61ab9754a38151026dd6e94a97459723c8add
- SHA256
  
  32202111654172f16eab4a33849af61e651680218d44e657b719b56789976561
- SHA512
  
  7365a7a32a8c0227c70c93cc51a7a9235606af4c27acdceb531766dfad57b6f481f850b173f542c846d899f2172d60c8580f3febe3516d512500d3662fa92513
Score

10^/10

xloader uar3 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2