xloader

General

Target

virement file gfx256.exe
Size

219KB
Sample

220421-mp8slsafbn
MD5

4105db4e41a2c9399768201b068a2a8c
SHA1

d89976b120c88dc5cd57fc78a35d5474f53a34bb
SHA256

41752d18a6da546687259e730e12313a804b313d041631262df801ef5d092569
SHA512

9380a3dfa62d3baf8b41102a04104da523d3cd5e871ee955abd49230f4fa063fbc9205dad6202856a8b7edd063d44556b0ae282577590782c4a4d5dbd950a883

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

santesha.com

britneysbeautybar.com

sh-cy17.com

jeffcarveragency.com

3117111.com

sobrehosting.net

ddm123.xyz

toxcompliance.com

auditorydesigns.com

vliftfacial.com

ielhii.com

naameliss.com

ritualchariot.com

solchange.com

quatre-vingts.design

lawnmowermashine.com

braceletsstore.net

admappy.com

tollivercoltd.com

vaidix.com

Targets

- Target
  
  virement file gfx256.exe
- Size
  
  219KB
- MD5
  
  4105db4e41a2c9399768201b068a2a8c
- SHA1
  
  d89976b120c88dc5cd57fc78a35d5474f53a34bb
- SHA256
  
  41752d18a6da546687259e730e12313a804b313d041631262df801ef5d092569
- SHA512
  
  9380a3dfa62d3baf8b41102a04104da523d3cd5e871ee955abd49230f4fa063fbc9205dad6202856a8b7edd063d44556b0ae282577590782c4a4d5dbd950a883
Score

10^/10

xloader cbgo loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2