xloader

General

Target

ada88465652140cfa9ae8955370fc40f
Size

656KB
Sample

220211-nk1f4sebhk
MD5

ada88465652140cfa9ae8955370fc40f
SHA1

e13c0564f3662230c11537366d1568c5c3825513
SHA256

6e6e18a85c523bfffd1b5293b978832f7387fda9b9eee87d3d8e98666fe020c9
SHA512

2e288e1d465c0babe87f52417dea9822dafe0aa21448468c2a38c1d72e9b933ed38b06a1cb1a0ea34ac9100b8faa9603117f01697c22c0ab25156787cb8ca51f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

w6ot

Decoy

zerodawnprime.com

chunhejingming.com

estrellafiamma.biz

meetbotique.com

westernghatsstudyabroad.com

madysenlenihancoaching.com

c2batlrjm05uzzjnamm8627.com

sasamamai.com

softcherry.club

iputtbetter.store

sointuboete.quest

mahadevwardrobe.online

goedkope-ladegeleiders.online

g3taquotea.info

987vna.club

justdodge.net

b95202.com

dwabiegunyfotografii.com

entrustqlxorx.online

busineschatcom.com

Targets

- Target
  
  ada88465652140cfa9ae8955370fc40f
- Size
  
  656KB
- MD5
  
  ada88465652140cfa9ae8955370fc40f
- SHA1
  
  e13c0564f3662230c11537366d1568c5c3825513
- SHA256
  
  6e6e18a85c523bfffd1b5293b978832f7387fda9b9eee87d3d8e98666fe020c9
- SHA512
  
  2e288e1d465c0babe87f52417dea9822dafe0aa21448468c2a38c1d72e9b933ed38b06a1cb1a0ea34ac9100b8faa9603117f01697c22c0ab25156787cb8ca51f
Score

10^/10

xloader w6ot loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2