xloader

General

Target

a30ce56b0c2277601c2d088509066b51fedbf16a8c2d0569aee5e8aa9bc8eab9
Size

611KB
Sample

220625-xygqlaggcr
MD5

dca52738641df47b688d41088c775b19
SHA1

82b53cdb35de65b6fd6739af9c72ddbca36a1ffa
SHA256

a30ce56b0c2277601c2d088509066b51fedbf16a8c2d0569aee5e8aa9bc8eab9
SHA512

091bf232b177c4e72091cedc23c5085c8d36da0e8253a7b19fc889696bafd5bd1dd0c263cbd15f84aeb7855a91c08a031ff0ec01942fdeb5327684bad305af67

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p596

Decoy

ushistorical.com

lovepropertylondon.com

acupress-the-point.com

3772548.com

ambientabuse.com

primaveracm.com

themidwestmomblog.com

havasavunma.com

rockyroadbrand.com

zzphys.com

masque-inclusif.com

myeonyeokplus.com

linkernet.pro

zezirma.com

mysiniar.com

andreamall.com

mattesonauto.com

wandopowerinc.com

casaurgence.com

salishseaquilts.com

Targets

- Target
  
  ULnsMhkLMmFISmk.exe
- Size
  
  790KB
- MD5
  
  9e2f228029738210cb89504393113f02
- SHA1
  
  47b2dcfae34251772a5dbde9e381cceaf80063e9
- SHA256
  
  a62281360a594e22783fb5dfc0e34645726b22df9ae0939b56a5b41e51289f97
- SHA512
  
  3b980df970f6a652e355ec8ddd147144252c4204db52d6ddf9ead5dac7b89b2c153b668f24bcb94a85aa5d4d4642c22b56c647419e38eab1817a39e1de5a8f7d
Score

10^/10

xloader p596 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2