xloader | 4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701 | Triage

Sharing

General

Target

4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701
Size

1.0MB
Sample

220515-h4p7lagbhp
MD5

9c57cf589c6ff051d2aec2bbaf515dfb
SHA1

846b8e1244b7a7e2cbddbd837c77708b6bb0bb32
SHA256

4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701
SHA512

2947df318501ce13e7b99cf65fc0f18db3086f6ac97727831ffdb253a28fdce3ce10d1d1998b80423d313ae5d375ad2f65ff9b3741774e2a3632de7862364a0e

Score

10^/10

xloader arh2 loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

arh2

Decoy

hstorc.com

blackountry.com

dhrbakery.com

dezhouofit.com

defipayout.xyz

ginas4t.com

byzbh63.xyz

qrcrashview.com

mialibaby.com

enhaut.net

samainnova.com

yashveerresort.com

delfos.online

dungcumay.com

lj-counseling.net

fliptheswitch.pro

padogbitelawyer.com

aticarev.com

sederino.site

bestplansforpets-japan3.life

Targets

- Target
  
  4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701
- Size
  
  1.0MB
- MD5
  
  9c57cf589c6ff051d2aec2bbaf515dfb
- SHA1
  
  846b8e1244b7a7e2cbddbd837c77708b6bb0bb32
- SHA256
  
  4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701
- SHA512
  
  2947df318501ce13e7b99cf65fc0f18db3086f6ac97727831ffdb253a28fdce3ce10d1d1998b80423d313ae5d375ad2f65ff9b3741774e2a3632de7862364a0e
Score

10^/10

xloader arh2 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloaderarh2loaderratsuricata