xloader | 207dff33f6f91f114deae60a6cb3a404a5f40bc607fb6015f680c8980af7ac16 | Triage

Sharing

General

Target

Unpaid invoice.exe
Size

548KB
Sample

210915-h21kjsdbbn
MD5

3ade5b9b508051cc39c1c610f4af5a12
SHA1

662056878a2b1fb1e99d1f74bb0e8694904fdccd
SHA256

207dff33f6f91f114deae60a6cb3a404a5f40bc607fb6015f680c8980af7ac16
SHA512

a99f9f23663bc09fca19a96968a15014679e8bbe2bb4a6f64897a34b86faf72848af138b4dbdcda1ef19d4e2488e81dc447c50af5e05f2c67cf7521b070c3d0f

Score

10^/10

xloader b6cu loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6cu

C2

http://www.allfyllofficial.com/b6cu/

Decoy

sxdiyan.com

web0084.com

cpafirmspokane.com

la-bio-geo.com

chacrit.com

stuntfighting.com

rjsworkshop.com

themillennialsfinest.com

thefrontrealestate.com

chairmn.com

best1korea.com

gudssutu.icu

backupchip.net

shrikanthamimports.com

sportrecoverysleeve.com

healthy-shack.com

investperwear.com

intertradeperu.com

resonantonshop.com

greghugheslaw.com

Targets

- Target
  
  Unpaid invoice.exe
- Size
  
  548KB
- MD5
  
  3ade5b9b508051cc39c1c610f4af5a12
- SHA1
  
  662056878a2b1fb1e99d1f74bb0e8694904fdccd
- SHA256
  
  207dff33f6f91f114deae60a6cb3a404a5f40bc607fb6015f680c8980af7ac16
- SHA512
  
  a99f9f23663bc09fca19a96968a15014679e8bbe2bb4a6f64897a34b86faf72848af138b4dbdcda1ef19d4e2488e81dc447c50af5e05f2c67cf7521b070c3d0f
Score

10^/10

xloader b6cu loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderb6culoaderratsuricata

behavioral2

xloaderb6culoaderratsuricata