xloader | 173797a7a7a881f3d6230015620bae28d21b4b41b7e568c2a881b3c0829dd67e | Triage

Sharing

General

Target

a563615dfe562e7a11c2b7f21dcfcd412594eeee
Size

671KB
Sample

210504-m99sy47qf2
MD5

089175069d5c095f078b7f8a3b28a22d
SHA1

a563615dfe562e7a11c2b7f21dcfcd412594eeee
SHA256

173797a7a7a881f3d6230015620bae28d21b4b41b7e568c2a881b3c0829dd67e
SHA512

987900b187a7757e186238fcc1a6b72c26a8b6619818ea34d91df86c8f1a1f79e31323d42f054f98cb705ec9c6b4720c5159f5746739388fa971942db79b5694

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.evrbrite.com/o86d/

Decoy

marielivet.com

shadowlovely.com

novfarm.com

genialnetero.com

nj-yanhua.com

thaihuay88.com

iizponja.com

stark-stg.net

nueforma.com

fincheckxu.com

joycasino-2020.club

9thwrld.com

komofood.com

weekendcost.com

marczeimet.com

santequebec.info

arpinaindustriesllc.com

soyakmuzayede.com

trivesse.online

shonanwakukengyou.com

Targets

- Target
  
  a563615dfe562e7a11c2b7f21dcfcd412594eeee
- Size
  
  671KB
- MD5
  
  089175069d5c095f078b7f8a3b28a22d
- SHA1
  
  a563615dfe562e7a11c2b7f21dcfcd412594eeee
- SHA256
  
  173797a7a7a881f3d6230015620bae28d21b4b41b7e568c2a881b3c0829dd67e
- SHA512
  
  987900b187a7757e186238fcc1a6b72c26a8b6619818ea34d91df86c8f1a1f79e31323d42f054f98cb705ec9c6b4720c5159f5746739388fa971942db79b5694
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

xloaderloaderrat