xloader

General

Target

VESSEL DESCRIPTION MV BERKAY N - IMO NO 9524827_PDF.7z
Size

357KB
Sample

220131-phstxshbcn
MD5

026a7cf8124919cfa148613d35939397
SHA1

5530a07c5469a77673fdc874c2c7614e1dfb6df5
SHA256

1bc0a120ac4b42b8463e8ab3fccaba54c810fa75475e5606a65ea371e7987782
SHA512

89f62c989b6fb26d2edbee9d08dd37793f76ac0ffb753ba4edeaf480b24250efcd1251ffaedfd285e3d0c0a9f60506b08497b7808de289cd937c2d3eb0df196d

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b23k

Decoy

foxsistersofhydesville.com

jetronbang.com

agriturismopartingoli.com

ihiinscus.com

zaksrestaurants.store

aspetac.com

ycjhjd.com

fountainspringscapemay.com

earlydose.com

nocodebelgium.com

65235.xyz

yasesite.com

steeltoilets.com

xceqa.xyz

2021udtv.com

belorusneft.top

the4asofdekhockey.com

gertexhosiery.com

fidelismortgages.com

bellacomoninguna.com

Targets

- Target
  
  VESSEL DESCRIPCTION MV BERKAY N - IMO NO 9524827_PDF.exe
- Size
  
  483KB
- MD5
  
  703540c2c3e8296b85f9860e4735d773
- SHA1
  
  a13a05a927377e54a006dcdf1a7b79e278eaee58
- SHA256
  
  95d52da676d92728d35e9fa0e6a49dc451dc83eadb8beb0ba0f2a3b891a69696
- SHA512
  
  ae70b95556b5263c7f4241ac24d0dd10d201f4858035359a8be41206c4778d164e768ac3ba0be6cd95c8ee38fafcdfb86ffe851e6e51e93b3520f8cdb8ce8ed6
Score

10^/10

xloader b23k loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2