xloader | 5598831a8a17b53751f4c34112c7c4b42d4906a6e73d60018ae8d499ce605580 | Triage

Sharing

General

Target

5598831a8a17b53751f4c34112c7c4b42d4906a6e73d60018ae8d499ce605580
Size

706KB
Sample

220223-p8w92abeck
MD5

953708e0cefbd35c124e526d9f7bd4d2
SHA1

5c3437b790aaca62b048c38f53584aedb6aaa118
SHA256

5598831a8a17b53751f4c34112c7c4b42d4906a6e73d60018ae8d499ce605580
SHA512

1b21b714b95ae43200b652178a99b815ac6f95a3e411497cf21592e3ecb788fe8e813a5d55299c044a3ec6ad362e584cce132801efcc2c64cc85324636969960

Score

10^/10

xloader vfm2 loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

vfm2

Decoy

alfaiptvturkiye.com

snagged.xyz

sarrosh.com

jpitkin.com

shiningproent.com

welcommon.com

oglesheatandair.com

qtomdnwj.xyz

threemee-pictures.com

refractory.online

ethercut.com

uniformityenegotiate.com

hawktech.club

adventplus.online

tuntun-newmarket.com

tiendasnea.online

thegranitegalleria.com

trawk.club

gold2guide.art

skphoolmakhana.com

Targets

- Target
  
  5598831a8a17b53751f4c34112c7c4b42d4906a6e73d60018ae8d499ce605580
- Size
  
  706KB
- MD5
  
  953708e0cefbd35c124e526d9f7bd4d2
- SHA1
  
  5c3437b790aaca62b048c38f53584aedb6aaa118
- SHA256
  
  5598831a8a17b53751f4c34112c7c4b42d4906a6e73d60018ae8d499ce605580
- SHA512
  
  1b21b714b95ae43200b652178a99b815ac6f95a3e411497cf21592e3ecb788fe8e813a5d55299c044a3ec6ad362e584cce132801efcc2c64cc85324636969960
Score

10^/10

xloader vfm2 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloadervfm2loaderratsuricata