xloader

General

Target

loader4.exe.bin
Size

267KB
Sample

220216-c5jtbaceaq
MD5

a745520f45bced7375d4e918a82c0517
SHA1

5fe7418c073c45eebbd6d12220cd63a49ea4f122
SHA256

22099fbafc3dda95912c51aa0c313826f21e2fe84ef51453c649f66ab29c6916
SHA512

caa99e83e30c03a90e97c09f296eb2530e08da47957b4aa632909ffae9a2c929cf641496fbc9640598e1dca05f269b950b3ce8c10b198af0180684581e6dc194

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ndf8

Decoy

cantobait.com

theangularteam.com

qq2222.xyz

floridasteamclean.com

daffodilhilldesigns.com

mindfulagilecoaching.com

xbyll.com

jessicaepedro2021.net

ccssv.top

zenginbilgiler.com

partumball.com

1681890.com

schippermediaproductions.com

m2volleyballclub.com

ooiase.com

sharingtechnology.net

kiminplaka.com

usedgeartrader.com

cosyba.com

foodfriendshipandyou.com

Targets

- Target
  
  loader4.exe.bin
- Size
  
  267KB
- MD5
  
  a745520f45bced7375d4e918a82c0517
- SHA1
  
  5fe7418c073c45eebbd6d12220cd63a49ea4f122
- SHA256
  
  22099fbafc3dda95912c51aa0c313826f21e2fe84ef51453c649f66ab29c6916
- SHA512
  
  caa99e83e30c03a90e97c09f296eb2530e08da47957b4aa632909ffae9a2c929cf641496fbc9640598e1dca05f269b950b3ce8c10b198af0180684581e6dc194
Score

10^/10

xloader ndf8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2