xloader | 6724b4abaf05bc011ee266d499d2eecadd61a305cd0a8e3c099193a3b9323a3c | Triage

Sharing

General

Target

6724b4abaf05bc011ee266d499d2eecadd61a305cd0a8e3c099193a3b9323a3c
Size

252KB
Sample

210923-yg2j4sfael
MD5

0efbf49197257609b692c8579c7c15cd
SHA1

5390a1eb61e84c9d546178e7c43a810c309f9013
SHA256

6724b4abaf05bc011ee266d499d2eecadd61a305cd0a8e3c099193a3b9323a3c
SHA512

823c648b4a3a196d98446ca9c5177cbd8ac0c753e372daf789ca8f6b3848344160b859de9e0a353d252a37b112abe30f8f5e0a28ceae6da61d47928f80c19a1c

Score

10^/10

xloader 9gdg loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

9gdg

C2

http://www.dechocolate.online/9gdg/

Decoy

cao-catos.ca

humanityumbrella.com

heatherflintford.com

paddyjulian.com

venturedart.com

pimpyoursmile.com

shellbacklabs.com

acesteeisupply.com

socotrajeweltours.com

aykutozden.com

corncobmeal.com

lesbiansforever.com

picknock.com

pawspetreiki.com

waikikidesignco.com

lelittnpasumo4.xyz

billing-updating.info

barangdapo.com

gatorfirerescue.com

jmovt.com

Targets

- Target
  
  6724b4abaf05bc011ee266d499d2eecadd61a305cd0a8e3c099193a3b9323a3c
- Size
  
  252KB
- MD5
  
  0efbf49197257609b692c8579c7c15cd
- SHA1
  
  5390a1eb61e84c9d546178e7c43a810c309f9013
- SHA256
  
  6724b4abaf05bc011ee266d499d2eecadd61a305cd0a8e3c099193a3b9323a3c
- SHA512
  
  823c648b4a3a196d98446ca9c5177cbd8ac0c753e372daf789ca8f6b3848344160b859de9e0a353d252a37b112abe30f8f5e0a28ceae6da61d47928f80c19a1c
Score

10^/10

xloader 9gdg loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloader9gdgloaderrat