xloader

General

Target

soa.exe
Size

733KB
Sample

220609-njr4cafecm
MD5

430cb910503e0fb17dea4259ad82e0c9
SHA1

2a6d2f9521ff771c5320719f7142ddec7163e2b7
SHA256

29e01694dfdb882f3922844f2fa640eb19fb99ff1179ac378df15b45fac32f11
SHA512

1cb05ab896d6f2ca211d25242fdf515ce7399e53bd09e697f621a6bc911a0ac098e9bfe3d5cbb623629e3ca10d5474d429bc8c07ab2a07d02f6c1fa9ea2dd288

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

a8hq

Decoy

veteransductcleaning.com

beajtjunkies.com

houseofascofi.com

scottsdalemediator.com

atelyadesign.com

profitcase.pro

imtokenio.club

qinglingpai.com

bigsmile-meal.net

daytonlivestream.com

aspiradores10.online

ytybs120.com

hdatelier.com

bearpierce.com

yeson28ca.com

booklearner.com

m8j9.club

mmophamthinhlegend.space

hq4a7o6zb.com

sophiadaki.online

Targets

- Target
  
  soa.exe
- Size
  
  733KB
- MD5
  
  430cb910503e0fb17dea4259ad82e0c9
- SHA1
  
  2a6d2f9521ff771c5320719f7142ddec7163e2b7
- SHA256
  
  29e01694dfdb882f3922844f2fa640eb19fb99ff1179ac378df15b45fac32f11
- SHA512
  
  1cb05ab896d6f2ca211d25242fdf515ce7399e53bd09e697f621a6bc911a0ac098e9bfe3d5cbb623629e3ca10d5474d429bc8c07ab2a07d02f6c1fa9ea2dd288
Score

10^/10

xloader a8hq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2