xloader | a7ad626a9a14d2e0bbf3c43954a8c9497b69e8c8b27fbdfc7d6fdf699613a6bc | Triage

Sharing

General

Target

muestras de productos.exe
Size

927KB
Sample

210722-12wwz7j6jj
MD5

0f346a68db9aa51d88cc26ed28920b51
SHA1

6013587a5e74bc0a6314f6491138937392911ed0
SHA256

a7ad626a9a14d2e0bbf3c43954a8c9497b69e8c8b27fbdfc7d6fdf699613a6bc
SHA512

c7b00ac68416c445ac55a3893e03a268a746ef3bf49be1baddb69057d09209ebdaac3cd251d000ed2dbc847b00b0b4c672241cc1e225b069b3ac76565cd6b5f6

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.recareerrecruiter.com/w56m/

Decoy

damai.zone

mywishbookweb.cloud

sandilakeclothing.bid

joysell.net

hackedwhores.com

sjdibang.com

memaquiahiga.com

bleeckerbobs.net

emmettthomas.com

thesheetz.com

mimik33.info

prettyprettybartending.com

3173596.com

shwangjia.com

sightuiop.com

tinnitusnow.online

mahadevexporters.com

cleaninglanarkshire.com

ibiaozhi.net

upinfame.com

Targets

- Target
  
  muestras de productos.exe
- Size
  
  927KB
- MD5
  
  0f346a68db9aa51d88cc26ed28920b51
- SHA1
  
  6013587a5e74bc0a6314f6491138937392911ed0
- SHA256
  
  a7ad626a9a14d2e0bbf3c43954a8c9497b69e8c8b27fbdfc7d6fdf699613a6bc
- SHA512
  
  c7b00ac68416c445ac55a3893e03a268a746ef3bf49be1baddb69057d09209ebdaac3cd251d000ed2dbc847b00b0b4c672241cc1e225b069b3ac76565cd6b5f6
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

xloaderloaderrat