xloader

General

Target

55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907
Size

655KB
Sample

220725-g1bdlaacfp
MD5

52c7af6bc13670eb0b4b830d4f60fd7b
SHA1

b6d3c5f7f912ef524dc7e2679a6e205a0fb88b13
SHA256

55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907
SHA512

6f6a0482962d39e3bd5fedf8c3db14607fc0cce81b544df5578aa8f408a18c106b58c5d8b7c8fdd5e8cafac30477a892cd3203cb452fd321d8e2397baa850bae

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

o8g5

Decoy

janeyelizarobertson.online

skachat-mp3.com

teamugoldzulu.com

qizuibashe.com

futuregainz.net

deedlife.com

findersguilde.com

memountainbikeadventures.com

carflagsmagnets.com

queenofheartsshop.com

jematai.com

adriannawilleford.com

dryfamwines.com

capitalsorted.com

runtaoyan.com

1833sell911.com

ysh9006.com

fouracrefoods.com

greenfieldjack.net

jokerjackpot888.com

Targets

- Target
  
  55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907
- Size
  
  655KB
- MD5
  
  52c7af6bc13670eb0b4b830d4f60fd7b
- SHA1
  
  b6d3c5f7f912ef524dc7e2679a6e205a0fb88b13
- SHA256
  
  55f9aca129149b9bfd4e9685cf1e52b394dda7b2a47a3f989e46f12e5c306907
- SHA512
  
  6f6a0482962d39e3bd5fedf8c3db14607fc0cce81b544df5578aa8f408a18c106b58c5d8b7c8fdd5e8cafac30477a892cd3203cb452fd321d8e2397baa850bae
Score

10^/10

xloader o8g5 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2