xloader

General

Target

attachments.zip
Size

338KB
Sample

220128-s38mnafhbn
MD5

00ab90d2d2226e317be2a514347ced0d
SHA1

da3e5ebd0dacafc79f88d038744531e8d1b48173
SHA256

b195e8f91a3465794595505dd2300b00d76841883eba905d5c09b74654b946f2
SHA512

2f0c7eb5d626ac3c7be75c9707f2f5ca482ba11f494d1c8bc218886d702a28897d009c44702a785af8bcac36de830624d8361c97fd930f34e9462b5dcca91f8d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

iifn

Decoy

ramaseturs.com

yinhejump.top

realmendrinkwater.store

storyconnect.pro

likehisskin.com

miaoobaby.com

whistleittome.com

icrinc-inc.com

applelost-support.info

tenloe042.xyz

xiaoyaoshike.xyz

frontdukkan.online

disparatadora.xyz

dskensho326.xyz

fsol.pro

rootpresidential.xyz

tejidosvianey.com

diapazon-med.store

suicidestars.com

fadilacatering.com

Targets

- Target
  
  QUOTATION REVIEW.exe
- Size
  
  382KB
- MD5
  
  6de1fe838e482853719ca575540a92b0
- SHA1
  
  9fa044e5e1189948b65fea2e778fabc2c98929d5
- SHA256
  
  09c176d0c7251e2c64e8cc619bd2b20be37d9b4b1eac19962d2a1b68f7a4535a
- SHA512
  
  8d9549973563356ad07eb2462320f36701f2244f78a4a20451ea9132d6dc30de01ab445d9392e4b0d594e3f379fa9b7c16154726829d8b8c90e2f22de0e7f124
Score

10^/10

xloader iifn loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2