xloader

General

Target

c7a495508b1d56372df84c2cad44b99b65db360c0c31d409fe14d91eacf9072a
Size

884KB
Sample

220206-1kpqtscbgk
MD5

5e5e9d9c078d1026899ef8f4dc41ec5f
SHA1

60298ff1a7c0a752b514e529fc75911a8d72bc59
SHA256

c7a495508b1d56372df84c2cad44b99b65db360c0c31d409fe14d91eacf9072a
SHA512

3eb54480c0b5792a864d74c366a4911a89429ca65cd927a0607084abcd50f4ca925dbdf66232e52e77e2e3f962f0596ae421d19af3fa67fa5cc79b83b19066ff

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

8zdn

Decoy

yourherogarden.net

onlineharambee.net

cerrajeriaurgencias24horas.com

distritoforex.com

verifyclientserverssr.com

dandwg.com

co2-zero.global

joshssl.com

meckwt.com

theammf.com

rawclectic.com

gzgnetwork.com

richmondavenuecoc.com

nicolelyte.com

thetinyclosetboutique.com

llt-group.net

seven-sky-design.com

joganifinancialgrp.com

elementsvapes.com

bingent.info

Targets

- Target
  
  transferir copia_03_05.exe
- Size
  
  823KB
- MD5
  
  4f1a54809ac8e534239bade40b46bfab
- SHA1
  
  cc4ae9e1888fa1071fcccc56f8e46253bd00b99a
- SHA256
  
  3488d309b21afbc3b481320bcf1209908813e2eb8a63df772f740426034b9958
- SHA512
  
  d13542d590ec6482f6c0bbbbf6d504f39c64fd28f8e32ebb239a33193c0afe4cd4e938ca6a966e115aeaa92e21b0581d32cf8a736e764d66b237d573e303a705
Score

10^/10

xloader 8zdn loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2