xloader

General

Target

tmp
Size

331KB
Sample

220705-w7xmqsbggq
MD5

4a80cec907b418a133ad5d3eea96923f
SHA1

b7772efaa512ed3465b17e07af829fedd9a885df
SHA256

54dd1a6be86907485cb1f716306eb8918116f873a9382e10d92f6632491c1074
SHA512

e8af59e857347c22a0cea3981122018b472482382fe11c642c4a67d182fc6aa78ea257f63630b36358b95304cbd07bc1048b35163af72fbb87329f3f1897bb2c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sk8m

Decoy

cruisinforabluesin.net

elkntordo.quest

mtmoriginal.com

arespermire.quest

maisoulcolor.com

thegreekfarmerstaverna.com

midlife-fitness.com

uniquelyjessica.com

everybunnyeverybirdy.net

tryafaq.com

aandreashopp.com

selfyou.store

healthtradeusa.com

visiency.com

rainbowshopscom.com

raj-spostitve.com

jupiterflightband.com

haigui.ltd

theparentharbour.com

themutualfriend.com

Targets

- Target
  
  tmp
- Size
  
  331KB
- MD5
  
  4a80cec907b418a133ad5d3eea96923f
- SHA1
  
  b7772efaa512ed3465b17e07af829fedd9a885df
- SHA256
  
  54dd1a6be86907485cb1f716306eb8918116f873a9382e10d92f6632491c1074
- SHA512
  
  e8af59e857347c22a0cea3981122018b472482382fe11c642c4a67d182fc6aa78ea257f63630b36358b95304cbd07bc1048b35163af72fbb87329f3f1897bb2c
Score

10^/10

xloader sk8m loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2