xloader | 1771bccdd4c4fdc7d50d97ac10e5b1e0f980a4ff31233c59e9cfa17e9cd36a24 | Triage

Sharing

General

Target

1771bccdd4c4fdc7d50d97ac10e5b1e0f980a4ff31233c59e9cfa17e9cd36a24
Size

253KB
Sample

210920-xphljahffk
MD5

9d38faec3253e9ce395c8970d03d8180
SHA1

53128b83b922c39ed32065c9d8baae2c13059719
SHA256

1771bccdd4c4fdc7d50d97ac10e5b1e0f980a4ff31233c59e9cfa17e9cd36a24
SHA512

0c883d98ff5f255f3c4cdc1664f726606e44280e867dd727caa19cd6aa3aee849c4dc5d9555b118310f2b648a2c217d30d297005648c61edd40969e21dd2271a

Score

10^/10

xloader 9gdg loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

9gdg

C2

http://www.dechocolate.online/9gdg/

Decoy

cao-catos.ca

humanityumbrella.com

heatherflintford.com

paddyjulian.com

venturedart.com

pimpyoursmile.com

shellbacklabs.com

acesteeisupply.com

socotrajeweltours.com

aykutozden.com

corncobmeal.com

lesbiansforever.com

picknock.com

pawspetreiki.com

waikikidesignco.com

lelittnpasumo4.xyz

billing-updating.info

barangdapo.com

gatorfirerescue.com

jmovt.com

Targets

- Target
  
  1771bccdd4c4fdc7d50d97ac10e5b1e0f980a4ff31233c59e9cfa17e9cd36a24
- Size
  
  253KB
- MD5
  
  9d38faec3253e9ce395c8970d03d8180
- SHA1
  
  53128b83b922c39ed32065c9d8baae2c13059719
- SHA256
  
  1771bccdd4c4fdc7d50d97ac10e5b1e0f980a4ff31233c59e9cfa17e9cd36a24
- SHA512
  
  0c883d98ff5f255f3c4cdc1664f726606e44280e867dd727caa19cd6aa3aee849c4dc5d9555b118310f2b648a2c217d30d297005648c61edd40969e21dd2271a
Score

10^/10

xloader 9gdg loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloader9gdgloaderrat