xloader

General

Target

110322Payment Advice.img.iso
Size

310KB
Sample

220312-lssp5aecgm
MD5

c7419b425343a9f6734ba81a6db03f3a
SHA1

5e5e94b09518f300f214012f650affed33f1f04a
SHA256

b926e5e1a831d7c2db2fecb803943b65e2ee235e2995d62efc36fbbbb5b1b916
SHA512

2b395667546f193e76321647c625f57071755a7fcc3a4c776031374dc2fdd6e87e78480e54935770e62573f299d284cfd2ae0265e5ff8d9908c52760b5769754

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

be4o

Decoy

neonewway.club

kuanghong.club

7bkj.com

ooo-club.com

kamchatka-agency.com

sjsndtvitzru.mobi

noireimpactcollective.net

justbe-event.com

easypeasy.community

southcoast.glass

janhenningsen.com

jmxyjj.com

tarihibilet.com

nagradi7.com

percentrostered.net

certvaxid.com

kingseafoodsydney.com

blacksheepwalk.com

waktuk.com

inteligenciaenrefrigeracion.com

Targets

- Target
  
  110322Payment Advice.img.exe
- Size
  
  249KB
- MD5
  
  f3e667cfdaab4b2c48deb58a2bfbb2e7
- SHA1
  
  7f6990e35ee10a42563626c9e9a62e1700866c9a
- SHA256
  
  bc0de8eda13f83b92b696086e054c0d2fe64cc1186ab36ed84fa58eb8e8c7906
- SHA512
  
  d8eda03fa256ed1a3d0b05bf960d282618fa5d6a9cd8cc270969d33a394c83619d6b517e34538381b51b83fe1d1fd266d1efa6d579a9e72c763fa5c2a521d09f
Score

10^/10

xloader be4o loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2