xloader | 7b1e3f1a9ad87103ba269b15bd375eccf8b58e259b250e828a2471d60b49e26f | Triage

Sharing

General

Target

7b1e3f1a9ad87103ba269b15bd375eccf8b58e259b250e828a2471d60b49e26f
Size

337KB
Sample

220309-kmdhksadaq
MD5

21f856570f2c5673eab1f1296695ac74
SHA1

eccec357210b80e403163467ead1e708e957c2e6
SHA256

7b1e3f1a9ad87103ba269b15bd375eccf8b58e259b250e828a2471d60b49e26f
SHA512

574ffe3f903d8262f38733d953526d21b7aeca11b4ca6c4f8a188f098202c11607475b774e4898368eff95bbec8eb66b43dd2475011bfb891667a5f98768792b

Score

10^/10

xloader p2a5 loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

- Target
  
  7b1e3f1a9ad87103ba269b15bd375eccf8b58e259b250e828a2471d60b49e26f
- Size
  
  337KB
- MD5
  
  21f856570f2c5673eab1f1296695ac74
- SHA1
  
  eccec357210b80e403163467ead1e708e957c2e6
- SHA256
  
  7b1e3f1a9ad87103ba269b15bd375eccf8b58e259b250e828a2471d60b49e26f
- SHA512
  
  574ffe3f903d8262f38733d953526d21b7aeca11b4ca6c4f8a188f098202c11607475b774e4898368eff95bbec8eb66b43dd2475011bfb891667a5f98768792b
Score

10^/10

xloader p2a5 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderratsuricata