xloader | hxxp://192[.]3[.]152[.]208/leo/ | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

http://192.3.152.208...

windows10_x64

Sharing

General

Target

http://192.3.152.208/leo/
Sample

210820-t9vsvrjtzn

Score

10^/10

xloader n8ba loader persistence rat suricata

Static task

static1

URLScan task

urlscan1

Sample

http://192.3.152.208/leo/

Behavioral task

behavioral1

Sample

http://192.3.152.208/leo/

Resource

win10v20210408

xloader n8ba loader persistence rat suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n8ba

C2

http://www.narrowpathwc.com/n8ba/

Decoy

thefitflect.com

anytourist.com

blggz.xyz

ascope.club

obyeboss.com

braun-mathematik.online

mtsnurulislamsby.com

jwpropertiestn.com

animalds.com

cunerier.com

sillysocklife.com

shopliyonamaaghin.net

theredcymbalsco.com

lostbikeproject.com

ryggoqlmga.club

realestatetriggers.com

luvlauricephotography.com

cheesehome.cloud

5fashionfix.net

wata-6-rwem.net

ominvestment.net

rrinuwsq643do2.xyz

teamtacozzzz.com

newjerseyreosales.com

theresahovo.com

wowmovies.today

77k6tgikpbs39.net

americagoldenwheels.com

digitaladbasket.com

gcagame.com

arielatkins.net

2020coaches.com

effthisshit.com

nycabl.com

fbvanminh.com

lovebirdsgifts.com

anxietyxpill.com

recaptcha-lnc.com

aprendelspr.com

expatinsur.com

backtothesimplethings.com

pcf-it.services

wintonplaceoh.com

designermotherhood.com

naamt.com

lifestylebykendra.com

thehighstatusemporium.com

oneninelacrosse.com

mariasmoworldwide.com

kitesurf-piraten.net

atelierbond.com

mynjelderlaw.com

moucopia.com

hauhome.club

imroundtable.com

thralink.com

baoequities.com

nassy.cloud

goldenstatelabradoodles.com

revenueremedyintensive.com

dfendglobal.com

pugliaandgastronomy.com

cypios.net

trinioware.com

Targets

- Target
  
  http://192.3.152.208/leo/
Score

10^/10

xloader n8ba loader persistence rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata
- Xloader Payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

xloadern8baloaderpersistenceratsuricata

© 2018-2024

Terms | Privacy