xloader

General

Target

paking list PO no. 4600033008.exe
Size

929KB
Sample

220404-kbtqesghak
MD5

7a7964624fb816e0e1eb5fbc4f1c60b9
SHA1

67ac0d219fc0f36a8781efbd3ce679d03e7f51da
SHA256

08bb3c1e40fec4d0cec3b6cf4d0cc4363b5f3544358d77ba94611a812f1eac62
SHA512

d6a95b3fd7e0afed8b883660a95c03f761328651b078635483c2f42c8aa295892883e294cc7f93f0532ae4df6c55f45c0f88a0158d4867b821f91a846594fbb7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8bs

Decoy

monese-bank.com

silkypumps.xyz

tashabouvier.com

eduardoleonsilva.com

pinnaclecorporaterentals.com

megafluids.com

worldwidecarfans.com

benjamlnesq.com

unitedraxiapp.com

thetanheroes.com

jypmore.quest

indianasheriffs.biz

saintinstead.com

alldansmx.com

trulyproofreading.com

indotogel369.com

mermadekusse.store

radosenterprisellc.com

gseequalservices.com

techride.xyz

Targets

- Target
  
  paking list PO no. 4600033008.exe
- Size
  
  929KB
- MD5
  
  7a7964624fb816e0e1eb5fbc4f1c60b9
- SHA1
  
  67ac0d219fc0f36a8781efbd3ce679d03e7f51da
- SHA256
  
  08bb3c1e40fec4d0cec3b6cf4d0cc4363b5f3544358d77ba94611a812f1eac62
- SHA512
  
  d6a95b3fd7e0afed8b883660a95c03f761328651b078635483c2f42c8aa295892883e294cc7f93f0532ae4df6c55f45c0f88a0158d4867b821f91a846594fbb7
Score

10^/10

xloader n8bs loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2