xloader

General

Target

CRYPTO INVOICE APPROVED.pif
Size

250KB
Sample

220128-rl9yqaecbn
MD5

9eb725df8f30e3dae7b3197a1783eaea
SHA1

7484f0d4ff29b450339c24c40b771f88e2d907d7
SHA256

f55c9c2bdda3ecb1e3404ec6c003f146204ed5fd550b6de28a50ee1bdfb722c4
SHA512

9be53f3c9e0dd9218bd197c09f232a5f3af7470a14b7f58ab346d3ee6a8155ec739416d57053ae7f0429a3483ed6babb69ff70b2195bea794f853529663ca17d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rmfg

Decoy

prospectcompounding.com

grand-prix.voyage

solvingpklogc.xyz

eliamhome.com

gamevip88.club

arsels.info

dswlt.com

dchehe.com

lawyerjerusalem.com

pbnseo.xyz

apuryifuid.com

kiukiupoker88.net

leannonimpact.com

kare-furniture.com

mississaugaremax.online

zpyh198.com

dueplay.store

naimi.ltd

greenstepspodiatry.com

cewirtanen.com

Targets

- Target
  
  CRYPTO INVOICE APPROVED.pif
- Size
  
  250KB
- MD5
  
  9eb725df8f30e3dae7b3197a1783eaea
- SHA1
  
  7484f0d4ff29b450339c24c40b771f88e2d907d7
- SHA256
  
  f55c9c2bdda3ecb1e3404ec6c003f146204ed5fd550b6de28a50ee1bdfb722c4
- SHA512
  
  9be53f3c9e0dd9218bd197c09f232a5f3af7470a14b7f58ab346d3ee6a8155ec739416d57053ae7f0429a3483ed6babb69ff70b2195bea794f853529663ca17d
Score

10^/10

xloader rmfg loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2