xloader

General

Target

BANK SLIP.ace
Size

35KB
Sample

220125-jqzpjsbeel
MD5

2fa379dfc8362f9ed9dd90c12457d77b
SHA1

69defc6fd6dfb94652d7a7b264c934f9ae251aa7
SHA256

26ab9161cb4a010e18a98d3d4c43836dbb9a896c6a190991df32aa954bc33c9c
SHA512

91a80d7a646d2391cd293367150fb86987fcece55c99f8ab8d3f163aa7bb1df2fb4b3e722c8b2afaf6ce4446cefdde16557a6e1cc5a00eb411fdbc8f1ca007df

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

- Target
  
  BANK SLIP.exe
- Size
  
  574KB
- MD5
  
  e31713764cfbbbe5c54f25a5cdeff52c
- SHA1
  
  5af188609cc8e2eac3795480ec9d1edd21489450
- SHA256
  
  a4cb158cc6b760f0e208da10143b34039f21e496d85d87303e7bf66045edbdd9
- SHA512
  
  268cb7bc06d4ef647af1dfb7db6bfb8c2ca50ef75f63455f3f0ca8a55dc7d1c8c1b7d175d54ecbbc5f2baab22519b98688f64824924ca3c14c815735ce9338fa
Score

10^/10

xloader zqzw loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2