xloader | fd7d59d19a68768e98c0f1b849c0f2a9f3dda204fb711ff2905641583bdc8938 | Triage

Sharing

General

Target

TNT SHIPPING DOC 6753478364.exe
Size

702KB
Sample

210430-tnqqdp925a
MD5

65afc870a82a78d14f58e5f3bf8b36f8
SHA1

ca5ae801b5b24fffe830a903b432f175b9c9f169
SHA256

fd7d59d19a68768e98c0f1b849c0f2a9f3dda204fb711ff2905641583bdc8938
SHA512

249e1ac4450ddeaf2f1897381c198ba6705522b88741d4a780c3867885b8a8d1bf398c1a67dc0e2cc6b8aaf6378ac48e9dc214f4288e498b7cf1dae257e064af

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.alldaazz.com/maw9/

Decoy

jaimericart.com

mayavantcard.com

romanzava.site

forefrontunderground.com

grafikirmarketing.com

airpoppoff.com

captureq.com

vph.ventures

historiclocation.com

theoxfordway.com

springersells.com

huther.mobi

networkingmaderas.com

reggatech.com

dollfacela.com

moneycrypt.net

calidad-precio.net

hamnsk165.com

victoriabrownrealtor.com

itechfreak.com

Targets

- Target
  
  TNT SHIPPING DOC 6753478364.exe
- Size
  
  702KB
- MD5
  
  65afc870a82a78d14f58e5f3bf8b36f8
- SHA1
  
  ca5ae801b5b24fffe830a903b432f175b9c9f169
- SHA256
  
  fd7d59d19a68768e98c0f1b849c0f2a9f3dda204fb711ff2905641583bdc8938
- SHA512
  
  249e1ac4450ddeaf2f1897381c198ba6705522b88741d4a780c3867885b8a8d1bf398c1a67dc0e2cc6b8aaf6378ac48e9dc214f4288e498b7cf1dae257e064af
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

xloaderloaderrat