Technical Analysis of Xloader’s Code Obfuscation in Version 4.3
Common Information
Type Value
UUID f2230226-f84b-4eee-9f9c-8ab55069bde2
Fingerprint bc9c2c5145d5bae1
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 18, 2023, midnight
Added to db Nov. 9, 2023, 1:04 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Zscaler Blog
Title Technical Analysis of Xloader’s Code Obfuscation in Version 4.3
Detected Hints/Tags/Attributes 49/3/88
RSS Feed
Id 406
Feed title Security Research | Blog Category Feed
Url https://www.zscaler.com/blogs/feeds/security-research
Added to db 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Url (1 event) https://www.zscaler.com/blogs/security-research/analysis-xloaders-c2-network-encryption
Url (2 events) https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption
Url (2 events) https://www.netscout.com/blog/asert/formidable-formbook-form-grabber
Url (2 events) https://www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-i?utm_source=blog&utm_campaign=deep
Url (2 events) https://www.fortinet.com/blog/threat-research/deep-analysis-formbook-new-variant-delivered-phishing-campaign-part-ii?utm_source=blog&utm_campaign=deep
Url (2 events) https://www.fortinet.com/blog/threat-research/deep-analysis-formbook-new-variant-delivered-in-phishing-campaign-part-iii
Url (4 events) https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html
Url (2 events) https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos
Url (2 events) https://research.checkpoint.com/2021/time-proven-tricks-in-a-new-environment-the-macos-evolution-of-formbook
Url (2 events) https://research.checkpoint.com/2021/stealth-is-never-enough-or-revealing-formbook-successors-cc-infrastructure
Url (1 event) https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can