xloader

General

Target

PAYMENT INSTRUCTIONS COPY.exe
Size

338KB
Sample

220225-lfw7sahaaq
MD5

c3ed9e3e0a175a9b8cf5cf02598e99b1
SHA1

444452c7815dc8fb47ad829af43ec0527f6bcc57
SHA256

37fb6b86524033fb07847e3550977bd8028701039465431bd89a33e870ff2c4d
SHA512

632e314f921bf8a13f2f04aa2270b87fa7e29f00e35d941260f24c1d08b1bcfae8b58823629bed3d2c5d6bf480619c8aa97523ca33d1d68ce3ea2a90bd3fd363

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yrcy

Decoy

sturlabas.com

tantrungcompany.com

wildgraceyogahealing.com

wsparalegal.com

8xhgq.xyz

mysaylav.com

amelntl.net

cooleshow.online

adventuresbydisneyathome.com

sprinklekart.com

prostitutkitambovasuck.info

pakdao.com

finsith.com

nightpartner82.xyz

sex9a4ufbj.com

ketohousee.com

mairie-les-cammazes.com

elebots.xyz

highqualityremodeling.net

teamsterslocal553.com

Targets

- Target
  
  PAYMENT INSTRUCTIONS COPY.exe
- Size
  
  338KB
- MD5
  
  c3ed9e3e0a175a9b8cf5cf02598e99b1
- SHA1
  
  444452c7815dc8fb47ad829af43ec0527f6bcc57
- SHA256
  
  37fb6b86524033fb07847e3550977bd8028701039465431bd89a33e870ff2c4d
- SHA512
  
  632e314f921bf8a13f2f04aa2270b87fa7e29f00e35d941260f24c1d08b1bcfae8b58823629bed3d2c5d6bf480619c8aa97523ca33d1d68ce3ea2a90bd3fd363
Score

10^/10

xloader yrcy loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2