xloader | 8e134b5eecace0634b5bc2e100b9977dd3b1391c5f286eed77bade56f750f3c2 | Triage

Sharing

General

Target

fb3052ec_by_Libranalysis
Size

694KB
Sample

210503-vf9qgj11ja
MD5

fb3052ec21fdb8a73aec0910d030dc85
SHA1

b8fe54dcb42da074c54fe0fb9ad153b5a18004dd
SHA256

8e134b5eecace0634b5bc2e100b9977dd3b1391c5f286eed77bade56f750f3c2
SHA512

2693c566b20df6de4d2e47fab1389362cf4f68e8194eaf846dcdf8d9be385a612b29cd5ce4993dfe6636219cfd6c3ea14267c203cf86fe2fdbbe35cfbd776018

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.fulibo.net/treq/

Decoy

sungjinguk.com

xinglanyishu.com

datanghengtong.com

theeaglegolf.com

delco-west.com

scflb.com

phpss.com

the-casual1.club

nfmscholarship.com

badtweezers.com

leonardkoh.com

ex-un.com

hft20001224.com

repurposingforresults.com

purerehabandperformance.com

tower9taik.com

goldenesq.com

wrushop.online

ttlqpphp.xyz

fabbvida.com

Targets

- Target
  
  a4b6da0419d1147387e225baa3506a44c4cc139b6eb35a4e1d5a7ece53c8ea57.bin
- Size
  
  742KB
- MD5
  
  89324197965133a737f00cf3ea914d66
- SHA1
  
  64147e0f689abce3feed599b0f8a931bc825f6e9
- SHA256
  
  a4b6da0419d1147387e225baa3506a44c4cc139b6eb35a4e1d5a7ece53c8ea57
- SHA512
  
  ed838f964f8f23e7675494674c34f7eb0959a4eccd2c635d9c422dc113b94fd7d667a547ee041a4ffc5dec22da32a71da88609cf40ed3112be70b1a5924ace4a
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

xloaderloaderrat