xloader

General

Target

triage_dropped_file
Size

271KB
Sample

220413-qqlagscdak
MD5

f9a20cce97d6efd9e8d071420a8858b7
SHA1

17680094e9bdefe2f5205729f2b55be2ffca81fa
SHA256

aa9db27b2063f5aee9f97d7d86b883686f51bd030d0b38d6daaed3629a230a7d
SHA512

fb9055d9f19788e0c2d25f3f400165b630ef6f62604d6ee6a764c7a57f5f115737db4187be30641bca16af11d84d3afdde73b0790f5d43f682e10439ed7a1026

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p00n

Decoy

beaniemart.com

sugarlaces.online

kinesio-leman.com

gasfreenft.com

ateneaespai.com

askyourhr.com

recruitloft.com

carolinasbestroofingcompany.com

coacher.online

freshmind.today

help-it.online

nicelink17.com

islandtimeoperations.com

agricurve.net

rizkhr.com

innovatorsincommerce.com

grownwings.com

learningout.store

miaglam.com

tengfeijd8.com

Targets

- Target
  
  triage_dropped_file
- Size
  
  271KB
- MD5
  
  f9a20cce97d6efd9e8d071420a8858b7
- SHA1
  
  17680094e9bdefe2f5205729f2b55be2ffca81fa
- SHA256
  
  aa9db27b2063f5aee9f97d7d86b883686f51bd030d0b38d6daaed3629a230a7d
- SHA512
  
  fb9055d9f19788e0c2d25f3f400165b630ef6f62604d6ee6a764c7a57f5f115737db4187be30641bca16af11d84d3afdde73b0790f5d43f682e10439ed7a1026
Score

10^/10

xloader p00n loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2