xloader

General

Target

RQM6HLsZQYLa9qt.exe
Size

1.3MB
Sample

220328-net25sdhdm
MD5

2d42eded04b592b539951f61742a736a
SHA1

d0c31bc164b18121ceb884859a9a5a5547ee437e
SHA256

02ad8318feb2f8ce745e2cefa321f18d19b7ad72085664371033fada68bd6b91
SHA512

634e5223d883e42be784a02c4882109140ef7a42a781d4142978bf7a3da40ae4c535a5dffca1e26160542338c437fe44ce8f84f8ab32b7df328ad7837517f4ff

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wdc8

Decoy

mygotomaid.com

joyoushealthandwellnessspa.com

wefundprojects.com

magicbasketbourse.net

vitos3.xyz

oligopoly.city

beauty-bihada.asia

visitnewrichmond.com

crgeniusworld.biz

bantasis.com

transsexual.pro

casagraph.com

eastjamrecords.com

howtotrainyourmustache.com

heiappropriate.xyz

bataperu.com

ces341.com

prajahitha.com

manuelagattegger.com

wolfpackmotorcycletours.com

Targets

- Target
  
  RQM6HLsZQYLa9qt.exe
- Size
  
  1.3MB
- MD5
  
  2d42eded04b592b539951f61742a736a
- SHA1
  
  d0c31bc164b18121ceb884859a9a5a5547ee437e
- SHA256
  
  02ad8318feb2f8ce745e2cefa321f18d19b7ad72085664371033fada68bd6b91
- SHA512
  
  634e5223d883e42be784a02c4882109140ef7a42a781d4142978bf7a3da40ae4c535a5dffca1e26160542338c437fe44ce8f84f8ab32b7df328ad7837517f4ff
Score

10^/10

xloader wdc8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2