xloader

General

Target

Scan0198DHL-pdf.iso
Size

442KB
Sample

220127-hnnzlahafr
MD5

e34ccab4edbbdaa34e2acc66fd982f2c
SHA1

633d28c743b48d7bac1e4f9a939596a2869d5d43
SHA256

b085e2188664b7699e817d28ebd248569e6981c21cf7efcdabb20532c47dc88a
SHA512

810e45a4ab5b138f5dc0a70b57c371ab564b2b975bebbfedb11a1bffb11bb84e03e24dbf606a04bdf427e28df5fcbdb3164f7e2e5ab6779599c05e41144b8886

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pout

Decoy

leadergaterealty.com

k7bsz.info

laidjapp1.com

eastcountytaxi.com

betterlife-uae.com

materaiku.com

chanhxebinhthuan-hcm.online

06gjm.xyz

67t.xyz

here-we-meet.com

screened-articletoseetoday.info

lucykg.club

mujdobron.quest

susakhi.com

funtabse.com

unlimitedpain.com

2ed58fwec.xyz

weighttrainingexpert.com

allisonsheillax.com

yektaburgers.com

Targets

- Target
  
  Scan0198DHL-pdf.exe
- Size
  
  381KB
- MD5
  
  8656201f1f8783272ae26af18738b3be
- SHA1
  
  8e58965b093a142c39972f3e20f6e68668f1ff35
- SHA256
  
  d3ff7ff9f8508bfdba95e8f26e0f4a31fc2c12376248de452e2d6fc349abc870
- SHA512
  
  edc48617d537138cbef5c21b11c85c6409371c0fc0b7fd6da897f17193dbe8d7650f11419fa82daedf637b0125655307fcb39ef7121fc12f5c7da9d037d79338
Score

10^/10

xloader pout loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2