xloader | 3611c1a2e9d1897825d5e7100a1c01d807f62a9c75d5f12602c168b0726d56ca | Triage

Sharing

General

Target

f8146a71dedc3eeeaa1624d6832c39a4
Size

535KB
Sample

210915-jwjwaadcam
MD5

f8146a71dedc3eeeaa1624d6832c39a4
SHA1

b1007a3beab21c77513bb9c4e6fc2a04c6346c04
SHA256

3611c1a2e9d1897825d5e7100a1c01d807f62a9c75d5f12602c168b0726d56ca
SHA512

eb4d38153e98fb9744b2ab9496e8a084e83c0202639823b2de5fcda7609221918d2615ad572f007c0f4a62d363e2362936b585be1e09462fa299dfac69fc2654

Score

10^/10

xloader vuja loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

vuja

C2

http://www.dressmids.com/vuja/

Decoy

maryjanearagon.com

casualwearus.com

thephonecasedepot.com

twinpeaksyouthbasketball.com

secure-filliale.com

thecoastalhomeshop.com

poloandaccessories.com

thesouthernchildtn.com

whereallroadslead.com

harecase.com

discomountainkombucha.com

tjandamber.com

yctyhb.com

miccitypb.com

niliana.com

fraktal.media

goodgrrrldesign.com

tcheapvrwdshop.com

orchid-nirvana2.homes

mckinleyacreage.com

Targets

- Target
  
  f8146a71dedc3eeeaa1624d6832c39a4
- Size
  
  535KB
- MD5
  
  f8146a71dedc3eeeaa1624d6832c39a4
- SHA1
  
  b1007a3beab21c77513bb9c4e6fc2a04c6346c04
- SHA256
  
  3611c1a2e9d1897825d5e7100a1c01d807f62a9c75d5f12602c168b0726d56ca
- SHA512
  
  eb4d38153e98fb9744b2ab9496e8a084e83c0202639823b2de5fcda7609221918d2615ad572f007c0f4a62d363e2362936b585be1e09462fa299dfac69fc2654
Score

10^/10

xloader vuja loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadervujaloaderrat

behavioral2

xloadervujaloaderrat