xloader | bdcd5929ef23f438273b22491c48aa8db7c31041b3c7078fc37a230583d98d2a | Triage

Sharing

General

Target

bdcd5929ef23f438273b22491c48aa8db7c31041b3c7078fc37a230583d98d2a
Size

369KB
Sample

210727-dqmswl1qdn
MD5

f8fff78ec9987e77fe89ff2d624d6274
SHA1

9eacf9abce750a550389eca3f3c0be419bc8bc5a
SHA256

bdcd5929ef23f438273b22491c48aa8db7c31041b3c7078fc37a230583d98d2a
SHA512

5770c1fc89301a057537578a23318223ac5c3ba1409510742c979d2555ea785b951a2f0d7fcbb1e7f93214ecd2203c2416a3606459bd55f109339626b8563e6e

Score

10^/10

xloader loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.bodymoisturizer.online/q4kr/

Decoy

realmodapk.com

hanoharuka.com

shivalikspiritualproducts.com

womenshealthclinincagra.com

racketpark.com

startuporig.com

azkachinas.com

klanblog.com

linuxradio.tools

siteoficial-liquida.com

glsbuyer.com

bestdeez.com

teens2cash.com

valleyviewconstruct.com

myfortniteskins.com

cambecare.com

csec2011.com

idookap.com

warmwallsrecords.com

smartmirror.one

Targets

- Target
  
  PO_S32G01521.exe
- Size
  
  450KB
- MD5
  
  7c67d687aa9d574fcea531bda2eda1da
- SHA1
  
  9ca303e862a7d00d2768abcf83211fceb72e836c
- SHA256
  
  44810a90a17a6d1286bdd1862a82c7062371ccece40cbd8e22dce7028e011825
- SHA512
  
  55ad7074da83ff222622fad62e2f657d7c888d7ed2398346c9e897ac77d8f5f275513eeb11e82081242fb3c17d7f1eb739e024ff617dd1d0f4ed4d78d8859b6a
Score

10^/10

xloader loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderratsuricata