xloader

General

Target

tmp
Size

193KB
Sample

220506-rszrbsaab3
MD5

4ef1cf561792490cfc119a6f4b9433cc
SHA1

6c7cfb9a79edeba7859088ca1a1f9da6d236facb
SHA256

25148c38c34edf03d8c2610e75188f9223421978e0a73eec5c8a303ca1280d07
SHA512

ba4d5b504491e9ed078b51235c3f1a6af7ff769a70ff6127297a03c299a6fe8f7ea1bdea158ff2624d2e9949125a3802255350e748ee263befc9e820e9530813

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bs8f

Decoy

atmospheraglobal.com

dontshootima.com

bestofferusde.club

yourdigitalboss.com

breskizci.com

myarrovacoastwebsite.com

reasclerk.com

efrovida.com

wsmz.net

upneett.com

loefflerforgov.com

noida.info

trndystore.com

arhaldar.online

vivibanca.tech

mykrema.com

vseserialy.online

ridgewayinsua.com

heauxland.com

bestcollegecourses.com

Targets

- Target
  
  tmp
- Size
  
  193KB
- MD5
  
  4ef1cf561792490cfc119a6f4b9433cc
- SHA1
  
  6c7cfb9a79edeba7859088ca1a1f9da6d236facb
- SHA256
  
  25148c38c34edf03d8c2610e75188f9223421978e0a73eec5c8a303ca1280d07
- SHA512
  
  ba4d5b504491e9ed078b51235c3f1a6af7ff769a70ff6127297a03c299a6fe8f7ea1bdea158ff2624d2e9949125a3802255350e748ee263befc9e820e9530813
Score

10^/10

xloader bs8f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2