xloader

General

Target

cotizaci�n_1782902.daa
Size

462KB
Sample

220504-ggv9nadbc5
MD5

b17de278dc5d8795285e1706ce3ad9c7
SHA1

0881d84d65e48450a5859c5f28593fb08d4afab7
SHA256

4456d9055df856153b932872a02fbb44e4e11012b2b0123195a5a84e6f41b87f
SHA512

bd66af5cee74f07e87d39d0430733c04cdbd042b05ce7909e37f939cc2a0837fa20f2336af8579b13ebe431251fd6e985fbf2ad4656200003516cc22640f556f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

snjq

Decoy

codezonesoftware.xyz

traexcel.com

smalltowncontractors.com

classicalequestrianacademy.com

jlvip1066.com

ovacup.online

foodcravings2312.com

dbelnlogoro.quest

valeriebeijing.com

steri-spiral.com

envisionpoolsnd.biz

adclw.net

smartaf5.xyz

tech4ad.com

trimilos.info

blockplace.club

gunpowderz.com

nayrajewels.com

fapcxi.xyz

mentication.com

Targets

- Target
  
  cotización_1782902.exe
- Size
  
  498KB
- MD5
  
  60cb897960cc1e4a74cde6395e74dbfe
- SHA1
  
  18a97dfd7176f8f07334d2f3836f1226f2220a4a
- SHA256
  
  a6900f47fa0f0d76b67e1c4fe017dad2665e52185327c9bbd905514cbcf7728c
- SHA512
  
  11fe445244943a3b588817369f0adf7aaa03f4a592c68eb604679c8f77ca44f9af786570d06180b87f67284effe29d695c3585ac83b34a1eaaa97a02e395c34c
Score

10^/10

xloader snjq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2