xloader

General

Target

PRICE_REQUEST_QUOTATION.exe
Size

260KB
Sample

210928-gm2nmaagbl
MD5

85589170af713a03ca622f94429c634a
SHA1

4e0b9dfd13dd6e4b85bca4352be0cec2be9024d7
SHA256

dae6ba220bb0a34de731b57965753391343bfe96f9f3fa4fea48102d3377ccf7
SHA512

1379d1dbed880c664d7314018e676970afd192a423e6144f3bac6b15e5f89fb4bc245adbe462046ccfb6692e0054be18b459bc2757e60d700c03758232682dd9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rgoe

C2

http://www.nudesalon.digital/rgoe/

Decoy

iamstevekelsey.com

homesofchaparralcountryclub.com

voiceyupcom.com

searchengineeye.com

charsantosart.com

baila.madrid

yota.store

halloweenbaldhills.net

futurodr.com

centercodebase.com

666b20.xyz

4-6-2.com

gspotworld.com

rbb78.com

1kingbet.com

hzhongon.com

dossierinc.com

sustainablefoodfactory.com

golfsol.art

socialenterprisestudio.com

Targets

- Target
  
  PRICE_REQUEST_QUOTATION.exe
- Size
  
  260KB
- MD5
  
  85589170af713a03ca622f94429c634a
- SHA1
  
  4e0b9dfd13dd6e4b85bca4352be0cec2be9024d7
- SHA256
  
  dae6ba220bb0a34de731b57965753391343bfe96f9f3fa4fea48102d3377ccf7
- SHA512
  
  1379d1dbed880c664d7314018e676970afd192a423e6144f3bac6b15e5f89fb4bc245adbe462046ccfb6692e0054be18b459bc2757e60d700c03758232682dd9
Score

10^/10

xloader rgoe loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2