xloader | 4d8cc87942499042195cec4fdb2fc5869d4bf98a1d827fd30fb74e82cf0fdc0f | Triage

Sharing

General

Target

4d8cc87942499042195cec4fdb2fc5869d4bf98a1d827fd30fb74e82cf0fdc0f
Size

224KB
Sample

220514-qnhftahgh7
MD5

ce42fe431b88922ab59b6fd880cadcf6
SHA1

652914d960da1d37d270db7f6e3b07c9d4b0e3a9
SHA256

4d8cc87942499042195cec4fdb2fc5869d4bf98a1d827fd30fb74e82cf0fdc0f
SHA512

62b30a77cb2ef3491abb3ec517ca966c4a9eafa0f263118ba817a4ce87f8d3cddc014bce25ff268435b7f69605e6c14b8031b482f7caf00e855964c618c609ba

Score

10^/10

xloader ocgr loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ocgr

Decoy

shiftmedicalstaffing.agency

muktobangla.xyz

attmleather.com

modelahs.com

clime.email

yonatec.com

mftie.com

doxofcolor.com

american-atlantic.net

christineenergy.com

fjqsdz.com

nagpurmandarin.com

hofwimmer.com

gororidev.com

china-eros.com

xn--ekrt15fxyb2t2c.xn--czru2d

dabsavy.com

buggy4t.com

souplant.com

insurancewineappraisals.com

Targets

- Target
  
  4d8cc87942499042195cec4fdb2fc5869d4bf98a1d827fd30fb74e82cf0fdc0f
- Size
  
  224KB
- MD5
  
  ce42fe431b88922ab59b6fd880cadcf6
- SHA1
  
  652914d960da1d37d270db7f6e3b07c9d4b0e3a9
- SHA256
  
  4d8cc87942499042195cec4fdb2fc5869d4bf98a1d827fd30fb74e82cf0fdc0f
- SHA512
  
  62b30a77cb2ef3491abb3ec517ca966c4a9eafa0f263118ba817a4ce87f8d3cddc014bce25ff268435b7f69605e6c14b8031b482f7caf00e855964c618c609ba
Score

10^/10

xloader ocgr loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloaderocgrloaderratsuricata