xloader

General

Target

HSBC Bank Swift Copy.pdf.exe
Size

752KB
Sample

220128-kg9ntshhgk
MD5

76b0f4441930d3f2f480830681c426e7
SHA1

0b28664196cd55adcc7b82647602db984dd49f61
SHA256

3cc59342fdbb5aa332f7d99216ac3f1ede121e0752e5aaff260e16432c23908d
SHA512

63d7cbcaa3b46cce81727e5baa82e5daa055b3ad95d1fb14086bf2dd2bbd2811400b15e9231a18dc5ab1771c18f2047077baaefe8b970463da947fc650d32884

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rexd

Decoy

xn--2es77o3w1bruk.mobi

cotesaintetienne.com

newlifefoursquaremcpherson.com

solutions-consulting.biz

chsico.com

demeet.xyz

eiruhguijire.store

realestatemoda.com

amr-fire.net

99v.one

altdaita.com

showerbeast.com

nsfone.com

doanhnhanvietnam.info

xn--transfpanou-39a.com

invitiz.com

chifaebio.xyz

footprint-farm.com

onlinenurseprograms.com

tigeratlspa.com

Targets

- Target
  
  HSBC Bank Swift Copy.pdf.exe
- Size
  
  752KB
- MD5
  
  76b0f4441930d3f2f480830681c426e7
- SHA1
  
  0b28664196cd55adcc7b82647602db984dd49f61
- SHA256
  
  3cc59342fdbb5aa332f7d99216ac3f1ede121e0752e5aaff260e16432c23908d
- SHA512
  
  63d7cbcaa3b46cce81727e5baa82e5daa055b3ad95d1fb14086bf2dd2bbd2811400b15e9231a18dc5ab1771c18f2047077baaefe8b970463da947fc650d32884
Score

10^/10

xloader rexd loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2