xloader

General

Target

enquiry no. 2770034921.exe
Size

381KB
Sample

220127-r12kwsecgn
MD5

5dde426d4383be37f818ee1205c50e11
SHA1

060c70157ceea0b08243a53e4baae2331b4449f8
SHA256

3f277a6819833eb0c7feab4e952301b4bac883e38ec8bd266093b6757d1920e8
SHA512

3b56d429b5d471cda4a8087dca70d74093bc3ac55a0cefba7949a76b254927d1ccadbbbf5a60554162817e930ed83ecf1515745763c0f13680c4ca9548054ac3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gab7

Decoy

mbb11.xyz

taishancable.com

karaoke-sega.com

mana-space.com

danielandkaela.com

ancorasports.com

magentaclass.com

tenloe045.xyz

colorbold.com

5starrentertainment.com

candgconstructiontx.com

664cqi.com

alexeykazakov.com

umrashed.space

thepowerof10.club

scotchwoodofficeworks.com

anelis.digital

label34.group

karimico.com

dogsforsaleinkenya.com

Targets

- Target
  
  enquiry no. 2770034921.exe
- Size
  
  381KB
- MD5
  
  5dde426d4383be37f818ee1205c50e11
- SHA1
  
  060c70157ceea0b08243a53e4baae2331b4449f8
- SHA256
  
  3f277a6819833eb0c7feab4e952301b4bac883e38ec8bd266093b6757d1920e8
- SHA512
  
  3b56d429b5d471cda4a8087dca70d74093bc3ac55a0cefba7949a76b254927d1ccadbbbf5a60554162817e930ed83ecf1515745763c0f13680c4ca9548054ac3
Score

10^/10

xloader gab7 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2