xloader | 84fe246796952c9de41a5c2355bfbcb0dbea52f3e107395c8f40d3eec500cacf | Triage

Sharing

General

Target

ce2507ea9bf81d82d5df1b6878b95fc4
Size

684KB
Sample

210830-41fs2hdmzx
MD5

ce2507ea9bf81d82d5df1b6878b95fc4
SHA1

81f4988663a4a730b3611273324c06e53a4b56c3
SHA256

84fe246796952c9de41a5c2355bfbcb0dbea52f3e107395c8f40d3eec500cacf
SHA512

7d45955d51b7c070f54164fabf75d3c9988c351420ac2a50023bce7f37612415ad82781c7c65c8edb678193b96e759feaa1829bc3ccb3f8732dbc09b670e26b9

Score

10^/10

xloader n8ba loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n8ba

C2

http://www.narrowpathwc.com/n8ba/

Decoy

thefitflect.com

anytourist.com

blggz.xyz

ascope.club

obyeboss.com

braun-mathematik.online

mtsnurulislamsby.com

jwpropertiestn.com

animalds.com

cunerier.com

sillysocklife.com

shopliyonamaaghin.net

theredcymbalsco.com

lostbikeproject.com

ryggoqlmga.club

realestatetriggers.com

luvlauricephotography.com

cheesehome.cloud

5fashionfix.net

wata-6-rwem.net

Targets

- Target
  
  ce2507ea9bf81d82d5df1b6878b95fc4
- Size
  
  684KB
- MD5
  
  ce2507ea9bf81d82d5df1b6878b95fc4
- SHA1
  
  81f4988663a4a730b3611273324c06e53a4b56c3
- SHA256
  
  84fe246796952c9de41a5c2355bfbcb0dbea52f3e107395c8f40d3eec500cacf
- SHA512
  
  7d45955d51b7c070f54164fabf75d3c9988c351420ac2a50023bce7f37612415ad82781c7c65c8edb678193b96e759feaa1829bc3ccb3f8732dbc09b670e26b9
Score

10^/10

xloader n8ba loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadern8baloaderrat

behavioral2

xloadern8baloaderrat