xloader

General

Target

DHL Document.exe
Size

780KB
Sample

220128-zsqsesddfj
MD5

c66df8b380d1db550cb5f0bc5ded67d7
SHA1

080556dec75ae3a4a844fcad0419d9c533c0c0d5
SHA256

6fc6d0526995ef4c7ab87e092759ef93e84495a8c71b9ec36b924bcf7c2fa75c
SHA512

f61d9cf4bbfb99c3cfaa641e7f37e8591b471bf851ea365ba508817812d0d685cab55b8502c3d30c05296f6710a16449d448265e36a2ff1f9ba089e56c3b7a56

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

how6

Decoy

wealthcabana.com

fourfortyfourcreations.com

cqqcsy.com

bhwzjd.com

niftyfashionrewards.com

andersongiftemporium.com

smarttradingcoin.com

ilarealty.com

sherrywine.net

fsecg.info

xoti.top

pirosconsulting.com

fundapie.com

bbgm4egda.xyz

legalfortmyers.com

improvizy.com

yxdyhs.com

lucky2balls.com

panelmall.com

davenportkartway.com

Targets

- Target
  
  DHL Document.exe
- Size
  
  780KB
- MD5
  
  c66df8b380d1db550cb5f0bc5ded67d7
- SHA1
  
  080556dec75ae3a4a844fcad0419d9c533c0c0d5
- SHA256
  
  6fc6d0526995ef4c7ab87e092759ef93e84495a8c71b9ec36b924bcf7c2fa75c
- SHA512
  
  f61d9cf4bbfb99c3cfaa641e7f37e8591b471bf851ea365ba508817812d0d685cab55b8502c3d30c05296f6710a16449d448265e36a2ff1f9ba089e56c3b7a56
Score

10^/10

xloader how6 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2