xloader

General

Target

bad.iso
Size

196KB
Sample

220131-lscnxaghgp
MD5

65e435e102606d758f8dab0745756333
SHA1

0cc87f417db5d9d36418227df7db54bba63ab47e
SHA256

3b8327109b5de3070665031364a6f62f550129d78caa71db624bff66033c775c
SHA512

1ea8dcc4ff74353cf44e74fe169524cd9170972c7d07a4f030a8e018d26eae0c53eb778c2071869ea98077e9eb4ed5f82cb5a2a4a2ce9e3e0155f1ff5e7e485c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

iepw

Decoy

isabellechiritoiabogada.com

singaporeimpact.com

mdcxdgkr.com

fivestasrelectriccorp.com

apaspaa.com

datashen.com

yh2.space

remediationnews.com

randlesrice.com

mailclic.digital

n83a.com

wmeacc.com

cahuvoa.xyz

h0t-now.com

admtrans.com

yghdlhax.xyz

bakshipping.com

ambermariemusic.com

mandelbot.tech

cryptoassetmanager.xyz

Targets

- Target
  
  nueva lista de pedidos n.º 002622.exe
- Size
  
  134KB
- MD5
  
  9de0585b387bb800a3c7758a07d0b713
- SHA1
  
  8f21c5cd550d80490963519a5021a57ad811c26e
- SHA256
  
  e20b3c660b0883091a7f144bcd97e45d74ba36a52d316d5be36b6d9c390dc490
- SHA512
  
  04702df8c0af6389ac2974fc2959ff6681de04dfb5eb7d8e24e965ab0a057218b73b18c382235f0b66338ef21daeccf5586d4f724d14681258300c1cb1aec94f
Score

10^/10

xloader iepw loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2