xloader | 50307805ba87921ad43b60e6321b682e3dfeeb3ab1622f5c1146c412530e6c11 | Triage

Submit
Reports

Overview

overview

Static

static

90c60c57ce...ce.exe

windows7_x64

90c60c57ce...ce.exe

windows10_x64

Sharing

General

Target

90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce.zip
Size

450KB
Sample

210817-v33z1pwykn
MD5

bea4ad496614db38bbb255f9410bdcd0
SHA1

f27e28348220c48204c2337975d3dbbb1c623cff
SHA256

50307805ba87921ad43b60e6321b682e3dfeeb3ab1622f5c1146c412530e6c11
SHA512

c59af56170465754f532d1315a000122b7cf3d2d80cf22175f6cf7dee00b898e33b658593849271a4398d3765091b2302b3d5b5c25df8608e8072182e3e1d14b

Score

10^/10

xloader b8eu agilenet loader persistence rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce.exe

Resource

win7v20210410

xloader b8eu agilenet loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce.exe

Resource

win10v20210410

xloader b8eu agilenet loader persistence rat suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b8eu

C2

http://www.yummylipz.net/b8eu/

Decoy

ppslide.com

savorysinsation.com

camilaediego2021.com

rstrunk.net

xianshikanxiyang.club

1borefruit.com

ay-danil.club

xamangxcoax.club

waltonunderwood.com

laurabissell.com

laurawmorrow.com

albamauto.net

usamlb.com

theoyays.com

freeitproject.com

jijiservice.com

ukcarpetclean.com

wc399.com

xn--pskrtmebeton-dlbc.online

exclusivemerchantsolutions.com

kkkc5.com

kakashis.club

minldsrvlceacvtlvty.net

tucantec.com

dreamlivehope.com

tayruaeco.com

wgaoutdoors.com

obersrock.com

notosickness.com

carporttube.com

customcbdgroup.com

vincentstreetdental.site

fidatosas.com

soft-drill.com

thelearningcountscompany.com

brateix.info

sexting-sites.com

wheredidmystokego.com

alorve.com

cataractmeds.com

purhenna.com

slicesystem.com

xn--v4q8fq9ps1clx5d774b.com

tuffysfight.com

dongtaykethop.cloud

thedesertwellness.com

maxridetubes.com

jungbo33.xyz

rokitrevs.com

fsoinc.com

bartelmefamily.com

greenresearch.farm

wws520.com

scoutandstellar.com

therachelfrankshow.com

rastrosomostodos.com

jqxfinance.com

escortsoslo.com

ocd-diesel.com

domainedelafrouardiere.com

9adamtech.com

omniheating.com

dpymenus.com

sellingonlineschool.com

Targets

- Target
  
  90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce
- Size
  
  727KB
- MD5
  
  697603470394ef65a7996011adf0db69
- SHA1
  
  7139f8e802aa6decce3ae28fd49c3d92b5e19823
- SHA256
  
  90c60c57ce0606d09dbd01751eb2bd5cd86d4344bd69ceb2f5697b1239070cce
- SHA512
  
  15a809d90a56b5b8544b994406ca954b39c3650977809e4531b684d6003b9ed597fd1c89c703d985ea898855d49cfb9b7d24f9c198c6c0d033d794c1e33167f6
Score

10^/10

xloader b8eu agilenet loader rat persistence suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderb8euagilenetloaderrat

behavioral2

xloaderb8euagilenetloaderpersistenceratsuricata

© 2018-2024

Terms | Privacy