xloader

General

Target

dhl Shipment of Original Documents.7z
Size

384KB
Sample

220405-xprt7sfaeq
MD5

201427b56826da739af4ac6224685aa2
SHA1

65ec9fce281a5a584f97f5a4ad2ba6607f4b4687
SHA256

d40e7bfcb2c388e14ec03a7318cf1a66fb6b3ee43f065bf71ac60e40e28f2f82
SHA512

64e405fde8dfe2a694af0e935178eac01b457396fefa8087f00a8e8eadc026f19271029796ae4ab41f11b0d01b096c3f03aff9bfa5e32a6986c9d140b9ab9b87

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8bs

Decoy

monese-bank.com

silkypumps.xyz

tashabouvier.com

eduardoleonsilva.com

pinnaclecorporaterentals.com

megafluids.com

worldwidecarfans.com

benjamlnesq.com

unitedraxiapp.com

thetanheroes.com

jypmore.quest

indianasheriffs.biz

saintinstead.com

alldansmx.com

trulyproofreading.com

indotogel369.com

mermadekusse.store

radosenterprisellc.com

gseequalservices.com

techride.xyz

Targets

- Target
  
  dhl Shipment of Original Documents.exe
- Size
  
  553KB
- MD5
  
  a82c07f002aa3512a000eecebf425af6
- SHA1
  
  f21fed9c74a59cb2ca81a9ac0d32253c0e80b77b
- SHA256
  
  48642cfdf59906d5b22ec805f79b953e37a44d4dad2bef8b55e5155dfe92ad55
- SHA512
  
  fdde17438c1c68361acc91f89bf77d8ab1d74ad55a9eb4fab62499aacb0085b8fdf137463c0ee70d6b3735632351589923261ffdccb8ac3a8997979887aebc66
Score

10^/10

xloader n8bs loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2