xloader

General

Target

b594d28ecd8be49f2ec9512008cfcbba.exe
Size

366KB
Sample

220706-tgryfsgga9
MD5

b594d28ecd8be49f2ec9512008cfcbba
SHA1

e6a3254ad46bd308832c2e4642c82151b61fe247
SHA256

038022c6f5c04dba6aa5b9289461209678a511329ad714ac45b132ad64ab8d60
SHA512

dfa5ae2e8d75ca8cb97ce4e5b21ecce36f5ed9267d40d886f9c810539871404276ea346f0d0b36a9dccf61bb1e292212325fc7625a583be212fc62058be849cf

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sk8m

Decoy

cruisinforabluesin.net

elkntordo.quest

mtmoriginal.com

arespermire.quest

maisoulcolor.com

thegreekfarmerstaverna.com

midlife-fitness.com

uniquelyjessica.com

everybunnyeverybirdy.net

tryafaq.com

aandreashopp.com

selfyou.store

healthtradeusa.com

visiency.com

rainbowshopscom.com

raj-spostitve.com

jupiterflightband.com

haigui.ltd

theparentharbour.com

themutualfriend.com

Targets

- Target
  
  b594d28ecd8be49f2ec9512008cfcbba.exe
- Size
  
  366KB
- MD5
  
  b594d28ecd8be49f2ec9512008cfcbba
- SHA1
  
  e6a3254ad46bd308832c2e4642c82151b61fe247
- SHA256
  
  038022c6f5c04dba6aa5b9289461209678a511329ad714ac45b132ad64ab8d60
- SHA512
  
  dfa5ae2e8d75ca8cb97ce4e5b21ecce36f5ed9267d40d886f9c810539871404276ea346f0d0b36a9dccf61bb1e292212325fc7625a583be212fc62058be849cf
Score

10^/10

xloader sk8m loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2