xloader | f5572f8b1de7c0c418f9acf1d30896bea3ca9dfa369b0f27df851ea69e36cb4b | Triage

Sharing

General

Target

5d4344f2c377b22297ddeb0c98fa3e4b
Size

934KB
Sample

210824-8gqb1whv7x
MD5

5d4344f2c377b22297ddeb0c98fa3e4b
SHA1

f2552a1e584040b9a0eb9129e5ec8fc10f4072d1
SHA256

f5572f8b1de7c0c418f9acf1d30896bea3ca9dfa369b0f27df851ea69e36cb4b
SHA512

d2a768d13b8d2a555c77df5c25e818bcae57faee86386d49b2c937c1d754ba787d3eab310b87c9c05adae17dfea63d3cc0922a1c74d705f0e316dcaf1ede1a0f

Score

10^/10

xloader n8ba loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n8ba

C2

http://www.narrowpathwc.com/n8ba/

Decoy

thefitflect.com

anytourist.com

blggz.xyz

ascope.club

obyeboss.com

braun-mathematik.online

mtsnurulislamsby.com

jwpropertiestn.com

animalds.com

cunerier.com

sillysocklife.com

shopliyonamaaghin.net

theredcymbalsco.com

lostbikeproject.com

ryggoqlmga.club

realestatetriggers.com

luvlauricephotography.com

cheesehome.cloud

5fashionfix.net

wata-6-rwem.net

Targets

- Target
  
  5d4344f2c377b22297ddeb0c98fa3e4b
- Size
  
  934KB
- MD5
  
  5d4344f2c377b22297ddeb0c98fa3e4b
- SHA1
  
  f2552a1e584040b9a0eb9129e5ec8fc10f4072d1
- SHA256
  
  f5572f8b1de7c0c418f9acf1d30896bea3ca9dfa369b0f27df851ea69e36cb4b
- SHA512
  
  d2a768d13b8d2a555c77df5c25e818bcae57faee86386d49b2c937c1d754ba787d3eab310b87c9c05adae17dfea63d3cc0922a1c74d705f0e316dcaf1ede1a0f
Score

10^/10

xloader n8ba loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadern8baloaderrat

behavioral2

xloadern8baloaderrat