xloader | 6cfb66c75d42e49a9a8d6cbf73eb9de1c8df27848f2bf65a81b5b64743699cba | Triage

Sharing

General

Target

6cfb66c75d42e49a9a8d6cbf73eb9de1c8df27848f2bf65a81b5b64743699cba
Size

275KB
Sample

220513-r8vgjsgff2
MD5

b5691d968eccd79d3b535e2686cb1a03
SHA1

94d44d86ce784de393323a58474224731189c19b
SHA256

6cfb66c75d42e49a9a8d6cbf73eb9de1c8df27848f2bf65a81b5b64743699cba
SHA512

fbb331868c26b6d01553b19571f7ab66d97f049ad8323168189302d6f4d20df5af6ec9528d204130e609807d796f9f081dfc4a50cd5692e38169aa9223ceb849

Score

10^/10

xloader bs8f loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bs8f

Decoy

atmospheraglobal.com

dontshootima.com

bestofferusde.club

yourdigitalboss.com

breskizci.com

myarrovacoastwebsite.com

reasclerk.com

efrovida.com

wsmz.net

upneett.com

loefflerforgov.com

noida.info

trndystore.com

arhaldar.online

vivibanca.tech

mykrema.com

vseserialy.online

ridgewayinsua.com

heauxland.com

bestcollegecourses.com

Targets

- Target
  
  6cfb66c75d42e49a9a8d6cbf73eb9de1c8df27848f2bf65a81b5b64743699cba
- Size
  
  275KB
- MD5
  
  b5691d968eccd79d3b535e2686cb1a03
- SHA1
  
  94d44d86ce784de393323a58474224731189c19b
- SHA256
  
  6cfb66c75d42e49a9a8d6cbf73eb9de1c8df27848f2bf65a81b5b64743699cba
- SHA512
  
  fbb331868c26b6d01553b19571f7ab66d97f049ad8323168189302d6f4d20df5af6ec9528d204130e609807d796f9f081dfc4a50cd5692e38169aa9223ceb849
Score

10^/10

xloader bs8f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderbs8floaderratsuricata