xloader

General

Target

order request 2.7.22.exe
Size

776KB
Sample

220209-mc56ysabcr
MD5

36a68da59f08a4133dc6204676855f60
SHA1

626fb150dba5ac72254efd16e02c7b0ecb57a376
SHA256

a7264014555068294029d5d9ceb9ee717c4d2bf523330c30cee18f18e55a0b5b
SHA512

d3a8cee0111ce9ab4d8255720b019d38535f733c8cb39496cd1cec0bc6b7f3ec8e5736063da713ce188fa7a563d7387e4accbdf1b0b478b82582aa8bed9ccdc0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s9ne

Decoy

digital-performance-award.com

fioratti.xyz

designluxre.com

cngangdun.com

restaurantperladelmare.com

davinci65.info

glossmans.com

firstsmileimaging.com

indevmobility.biz

mvptcodesupport.com

crustenc.net

raleighsportsacademy.com

boytoyporn.com

rojaspass.com

acmepaysage.fr

shopatdean.xyz

leonergsteve18870.com

elnahuel.com

ils.network

canto-libero.com

Targets

- Target
  
  order request 2.7.22.exe
- Size
  
  776KB
- MD5
  
  36a68da59f08a4133dc6204676855f60
- SHA1
  
  626fb150dba5ac72254efd16e02c7b0ecb57a376
- SHA256
  
  a7264014555068294029d5d9ceb9ee717c4d2bf523330c30cee18f18e55a0b5b
- SHA512
  
  d3a8cee0111ce9ab4d8255720b019d38535f733c8cb39496cd1cec0bc6b7f3ec8e5736063da713ce188fa7a563d7387e4accbdf1b0b478b82582aa8bed9ccdc0
Score

10^/10

xloader s9ne loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2