xloader

General

Target

TNT Original Invoice.zip
Size

546KB
Sample

220217-lfac1scadr
MD5

e73e09ed0fa6e97944f58ab5c3956137
SHA1

e1d0c2cf16105d3caff197d7d4258da9e9dc26dc
SHA256

45e267c749907ce85ddcea6f338a015c22419bfe98c9337d7da4e134ca922b11
SHA512

ad1a9c2037e44215e6bba8cd53565a0124f49c3e45d1927d8eacabb396de073dff1a3f4c1f714fd19f7bbe898aea0bcdf4ef8c88e8381924ccaecf23e35b5c2c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

- Target
  
  TNT Original Invoice.exe
- Size
  
  784KB
- MD5
  
  c84db8be1abc6b5c4fe423a2425c9ad6
- SHA1
  
  e21d4d9a20e80be6f9310bfc281bd2c8819d2f57
- SHA256
  
  3c6a613507d90d332e2d4d7f91c7c2ef3135e464e5937b1da1a9c4f749528343
- SHA512
  
  af70ee5050550797a43c49a249c850b543f45ad7998d78ef5fa4d700c66fb2d677e79d213179a64cf23bdc444d2b2ce6c2ba4af129f86fe1127c5e48c94df2cf
Score

10^/10

xloader zqzw loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2