xloader

General

Target

bnxcvbzxvxzvxzvzxvzx.exe
Size

680KB
Sample

220209-zcafhabffk
MD5

d5025c93cb55f4249b4a25a56725a052
SHA1

50b93b51d0ffa4baffd40bf96b3967b115886d5d
SHA256

6893bbff4695dce3754071670e11d7e7d310ad196b57cdb41cd8c3cd7ea3d8f3
SHA512

754c71110c83a092bf18ed15ee56cffd3661d0f0801faa9189ce908a0fd1747422d4f73c751d12f10e18a0378abd9b77a099d6a9dc5153725ee26fad32699fc3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

be4o

Decoy

neonewway.club

kuanghong.club

7bkj.com

ooo-club.com

kamchatka-agency.com

sjsndtvitzru.mobi

noireimpactcollective.net

justbe-event.com

easypeasy.community

southcoast.glass

janhenningsen.com

jmxyjj.com

tarihibilet.com

nagradi7.com

percentrostered.net

certvaxid.com

kingseafoodsydney.com

blacksheepwalk.com

waktuk.com

inteligenciaenrefrigeracion.com

Targets

- Target
  
  bnxcvbzxvxzvxzvzxvzx.exe
- Size
  
  680KB
- MD5
  
  d5025c93cb55f4249b4a25a56725a052
- SHA1
  
  50b93b51d0ffa4baffd40bf96b3967b115886d5d
- SHA256
  
  6893bbff4695dce3754071670e11d7e7d310ad196b57cdb41cd8c3cd7ea3d8f3
- SHA512
  
  754c71110c83a092bf18ed15ee56cffd3661d0f0801faa9189ce908a0fd1747422d4f73c751d12f10e18a0378abd9b77a099d6a9dc5153725ee26fad32699fc3
Score

10^/10

xloader be4o loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2