xloader | 6623c86614f32885765a529c796fbe3e3b476dc58782a813e622d0d0873eaafb | Triage

Sharing

General

Target

OCT Quotation.exe
Size

382KB
Sample

211020-nekhpsghh5
MD5

1f747491324af43e7e9432bf1c805c85
SHA1

30af5d5964916a694e52396711be4b2441250e01
SHA256

6623c86614f32885765a529c796fbe3e3b476dc58782a813e622d0d0873eaafb
SHA512

56271611779e2c0f18855deb72b3411a09a8e3e688c143a4eac756f9c88669755c07a6180c1a0d1766203d9bca64bc1b8e660470a5c33ff67f96c3cf4a124133

Score

10^/10

xloader b2c0 loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

C2

http://www.thesewhitevvalls.com/b2c0/

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

Targets

- Target
  
  OCT Quotation.exe
- Size
  
  382KB
- MD5
  
  1f747491324af43e7e9432bf1c805c85
- SHA1
  
  30af5d5964916a694e52396711be4b2441250e01
- SHA256
  
  6623c86614f32885765a529c796fbe3e3b476dc58782a813e622d0d0873eaafb
- SHA512
  
  56271611779e2c0f18855deb72b3411a09a8e3e688c143a4eac756f9c88669755c07a6180c1a0d1766203d9bca64bc1b8e660470a5c33ff67f96c3cf4a124133
Score

10^/10

xloader b2c0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderb2c0loaderrat

behavioral2

xloaderb2c0loaderrat