xloader

General

Target

tmp
Size

659KB
Sample

220428-p7nw9sbgh5
MD5

680597e569b66c1c77f1f3ef9d145080
SHA1

c21684c64fe6ff4ea94691a035b47cfec7dcfb05
SHA256

8ecc7ecdce9763d43b61041cbc6c2151fc8583a01af584f7f5fe0999d127aaf6
SHA512

c9d2613706df5b2ed82f5650a1812565441e1d09f733cfbf11f14e6e53d92d12a7a827b272de6605c0230165c7526aea925ef53cdd148fbf6fa8bee86714c540

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ocgr

Decoy

shiftmedicalstaffing.agency

muktobangla.xyz

attmleather.com

modelahs.com

clime.email

yonatec.com

mftie.com

doxofcolor.com

american-atlantic.net

christineenergy.com

fjqsdz.com

nagpurmandarin.com

hofwimmer.com

gororidev.com

china-eros.com

xn--ekrt15fxyb2t2c.xn--czru2d

dabsavy.com

buggy4t.com

souplant.com

insurancewineappraisals.com

Targets

- Target
  
  tmp
- Size
  
  659KB
- MD5
  
  680597e569b66c1c77f1f3ef9d145080
- SHA1
  
  c21684c64fe6ff4ea94691a035b47cfec7dcfb05
- SHA256
  
  8ecc7ecdce9763d43b61041cbc6c2151fc8583a01af584f7f5fe0999d127aaf6
- SHA512
  
  c9d2613706df5b2ed82f5650a1812565441e1d09f733cfbf11f14e6e53d92d12a7a827b272de6605c0230165c7526aea925ef53cdd148fbf6fa8bee86714c540
Score

10^/10

xloader ocgr loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2