xloader | f0ae9d90c4398fa87349000d09a683a6c70487b48fbb05520db4edd5b76236ad | Triage

Sharing

General

Target

f0ae9d90c4398fa87349000d09a683a6c70487b48fbb05520db4edd5b76236ad
Size

1.0MB
Sample

220126-vm2waafegl
MD5

b1ab3afa8e3a73c26f65463635d68aad
SHA1

8a22c9b3e90389c28880402e9f1a5176cea5759c
SHA256

f0ae9d90c4398fa87349000d09a683a6c70487b48fbb05520db4edd5b76236ad
SHA512

01d9fcf1d60626816c1d9721cec27f4bfb9a3085a64a5da5ecaf2e665c8da7b6c98a49e90bea4ef37ced0243a13de30ef1a61beaf346ddb9e0dd1b51f4be082a

Score

10^/10

xloader uhq3 loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uhq3

Decoy

lionsclubtunisdoyen.com

artchemindia.com

blaulicht.cloud

szlaaf.com

erucestech.com

gazeteyenidunya.xyz

ps-sac.com

maedatoshiie.site

hothess.com

nbeight.com

sufamiturbo.com

myfamilylegacy.online

cupsnax.com

c2cuae.com

mabibliothequehomepage.online

poultryvet.guide

immobilier-alienor.net

losthegame.com

creditturf.com

skillspedia.net

Targets

- Target
  
  f0ae9d90c4398fa87349000d09a683a6c70487b48fbb05520db4edd5b76236ad
- Size
  
  1.0MB
- MD5
  
  b1ab3afa8e3a73c26f65463635d68aad
- SHA1
  
  8a22c9b3e90389c28880402e9f1a5176cea5759c
- SHA256
  
  f0ae9d90c4398fa87349000d09a683a6c70487b48fbb05520db4edd5b76236ad
- SHA512
  
  01d9fcf1d60626816c1d9721cec27f4bfb9a3085a64a5da5ecaf2e665c8da7b6c98a49e90bea4ef37ced0243a13de30ef1a61beaf346ddb9e0dd1b51f4be082a
Score

10^/10

xloader uhq3 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloaderuhq3loaderratsuricata