xloader | 95b6ba2be30399f87d20e021bee29f0eb46773b67407f3ed9987d22610d5249d | Triage

Sharing

General

Target

Payment Slip.exe
Size

831KB
Sample

210927-rkar8shcbj
MD5

3d0d9c87ea732caf417afa0b8af62267
SHA1

dfb1e57a9cf498310cb7287f4b5792cbcd8b3974
SHA256

95b6ba2be30399f87d20e021bee29f0eb46773b67407f3ed9987d22610d5249d
SHA512

e7db51cd7baf84cf65ebead15c3e56ca9e381866a4edc7e945affe4f64f53bef08519037a5e4fc2ef8f8034e91b240b5d3511a2cdec08e308e8e473a7430a83b

Score

10^/10

xloader qfff loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qfff

C2

http://www.yuumgo.academy/qfff/

Decoy

lakechelanwedding.com

jengly.com

alluresme.com

axswallet.com

meetmedubai.com

kortzfamily.com

whishfullittles.com

mts-consultant.com

amhoses.com

hdaz2.xyz

lkgsbx.com

b0ay.com

hlthits.com

dicsordgift.com

bearaconnect.com

strategicpropertyventures.com

158393097102.xyz

officesetupofficesetup.com

industrynewz.com

uperionorthamerica.com

Targets

- Target
  
  Payment Slip.exe
- Size
  
  831KB
- MD5
  
  3d0d9c87ea732caf417afa0b8af62267
- SHA1
  
  dfb1e57a9cf498310cb7287f4b5792cbcd8b3974
- SHA256
  
  95b6ba2be30399f87d20e021bee29f0eb46773b67407f3ed9987d22610d5249d
- SHA512
  
  e7db51cd7baf84cf65ebead15c3e56ca9e381866a4edc7e945affe4f64f53bef08519037a5e4fc2ef8f8034e91b240b5d3511a2cdec08e308e8e473a7430a83b
Score

10^/10

xloader qfff loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xloaderqfffloaderratsuricata