xloader | 309823f6a6820db5d24443327e3b566f8d2aa16b3a9052086f521488a46e1532 | Triage

Sharing

General

Target

SHIPPING DOCUMENT.exe
Size

673KB
Sample

211022-yktcxacag3
MD5

f9ed39427014d807dbbbf35c45d411bd
SHA1

ec55a74f3cda76f09db8f409572a944c8bdaf346
SHA256

309823f6a6820db5d24443327e3b566f8d2aa16b3a9052086f521488a46e1532
SHA512

c5598c7f370c4c9c87c6a4e2782add3ef609abdec4cc5325ca0e27e7a7a75a23dcf8d1496b861449e1b3c205c3f63958795a33e8ae070894d100d34bc6d96ec7

Score

10^/10

xloader pfrp loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pfrp

C2

http://www.25922727.com/pfrp/

Decoy

aodesai.store

sultrymilfs.com

gratisratio.com

syntheticloot.net

imnntomen.xyz

fantacyfreshwaterfishing.com

onesolutionasia.com

xn--laufgefhl-bocholt-82b.com

hausense.quest

broncomall.com

ioewur.xyz

wilsontennis.store

eleditorplatense.com

windowcompanynaperville.com

azuremodule.com

letziexpress.com

idtbc.com

herbalshishaflower.com

basementdwellersnft.com

28686ay.com

Targets

- Target
  
  SHIPPING DOCUMENT.exe
- Size
  
  673KB
- MD5
  
  f9ed39427014d807dbbbf35c45d411bd
- SHA1
  
  ec55a74f3cda76f09db8f409572a944c8bdaf346
- SHA256
  
  309823f6a6820db5d24443327e3b566f8d2aa16b3a9052086f521488a46e1532
- SHA512
  
  c5598c7f370c4c9c87c6a4e2782add3ef609abdec4cc5325ca0e27e7a7a75a23dcf8d1496b861449e1b3c205c3f63958795a33e8ae070894d100d34bc6d96ec7
Score

10^/10

xloader pfrp loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderpfrploaderrat

behavioral2

xloaderpfrploaderrat