xloader

General

Target

triage_dropped_file
Size

308KB
Sample

220311-p5ssfacedq
MD5

e41def555743c430d0def4a513de4d96
SHA1

7c90a41062f1f867a1ae0bdeb1d37ca72cd2b95e
SHA256

1190df73979f3dc768713f51fcf6e2eb439b95caf7c4a2b998c377ea5a35e9d5
SHA512

331add20592a9cd8336bc902fe0f4934f6b50866904eb60f4cc3e6046c5edf8d29b5e901cc37f1619ffed9ae83201bbb93d165297ba41dda655b533870e722b6

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

Targets

- Target
  
  triage_dropped_file
- Size
  
  308KB
- MD5
  
  e41def555743c430d0def4a513de4d96
- SHA1
  
  7c90a41062f1f867a1ae0bdeb1d37ca72cd2b95e
- SHA256
  
  1190df73979f3dc768713f51fcf6e2eb439b95caf7c4a2b998c377ea5a35e9d5
- SHA512
  
  331add20592a9cd8336bc902fe0f4934f6b50866904eb60f4cc3e6046c5edf8d29b5e901cc37f1619ffed9ae83201bbb93d165297ba41dda655b533870e722b6
Score

10^/10

xloader ahc8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2