xloader

General

Target

payment advice.ro9,pdf.exe
Size

607KB
Sample

220127-qaesrsdafr
MD5

5a3452246e02aa71c5d55a89e46cd310
SHA1

07cc96501710f0d80455fe9b5e34d4b9c1a3d05a
SHA256

81fc763d0863d2011499222a0683aed63c881b20ccf70d5775125451bf36b76a
SHA512

7b611c4385dae6bbc09bf9c866d0011e50bbda253917861ae33862f065017424ea97867eae8a02fc69ce24d6d344a8f4af1b38dd2ae6a0681403929fdcfbe4c0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tod8

Decoy

shabizy5.com

sattaking-delhiborder01.xyz

venetianmountains.com

vertogaastad.quest

zimalek.com

olympiacrownhotel.com

dubbostorage.online

mosescorrea.com

japanroofing.com

mashareq.store

gdetcz.com

slimmersite.com

aplintec.com

878971.com

charlottesbestroofcompany.com

into-mena.com

newlysupply.com

bianncapace.com

netrew.com

anhecapital.com

Targets

- Target
  
  payment advice.ro9,pdf.exe
- Size
  
  607KB
- MD5
  
  5a3452246e02aa71c5d55a89e46cd310
- SHA1
  
  07cc96501710f0d80455fe9b5e34d4b9c1a3d05a
- SHA256
  
  81fc763d0863d2011499222a0683aed63c881b20ccf70d5775125451bf36b76a
- SHA512
  
  7b611c4385dae6bbc09bf9c866d0011e50bbda253917861ae33862f065017424ea97867eae8a02fc69ce24d6d344a8f4af1b38dd2ae6a0681403929fdcfbe4c0
Score

10^/10

xloader tod8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2