xloader

General

Target

BANK DETAILS-26012022-971332pdf.gz
Size

41KB
Sample

220128-jdh62ahbdl
MD5

11144b7ff3e80b332b8aea3368f5d638
SHA1

4a4f11974a453dff1d8cc12fc41c1bd0230528ee
SHA256

dacada6f63feabf79c83fb521deb881c687ddb4d3902f3b7e98762d746d993d7
SHA512

d35784ae851c1a45b58af0083b6f531d9f35b73444e22f0b190ffd88eaaf00c88cd828eb0d44dd29d9994a23743d77cf2268fcb42b826699910871bfc22e24d1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

be4o

Decoy

neonewway.club

kuanghong.club

7bkj.com

ooo-club.com

kamchatka-agency.com

sjsndtvitzru.mobi

noireimpactcollective.net

justbe-event.com

easypeasy.community

southcoast.glass

janhenningsen.com

jmxyjj.com

tarihibilet.com

nagradi7.com

percentrostered.net

certvaxid.com

kingseafoodsydney.com

blacksheepwalk.com

waktuk.com

inteligenciaenrefrigeracion.com

Targets

- Target
  
  BANK DETAILS-26012022-971332pdf.exe
- Size
  
  234KB
- MD5
  
  915102405b44b4eb490450935905b4c5
- SHA1
  
  cc89138f906776cc8ceb6135753bd1bfdc423846
- SHA256
  
  234d944f1c4d9dcb90a6797dc13bf50fa2290da2230d134ee70bc4b7c4143ab8
- SHA512
  
  d34136c97136cdb01cde174506dd02b250894f4427dcac3c0d98dbc2a417db0b1fd15ad950b491b5795fb345ebe4eba175baac23252d3222eb0e5d253adf4615
Score

10^/10

xloader be4o loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2