xloader | 6ded282fce6dec44f93d62a0e940deb3234e0fa78222545c70630b62c5576f9a | Triage

Sharing

General

Target

invoice__ copies__ dated__ 0010_15_ 02_2021__ .pdf...zip
Size

447KB
Sample

211029-qhl7taaagm
MD5

52c0e7d92b3db40245a1d721b6bd7b6b
SHA1

7813be7f1036bb64c27fba3bc136139ddea8fd44
SHA256

6ded282fce6dec44f93d62a0e940deb3234e0fa78222545c70630b62c5576f9a
SHA512

d35f0ffa2ea5b94536e696a156630c9406e1b067f2466b8445ea937b5808d7acefb96099a7da566a2f83ac3186df551252dadc142a261bf8553d3073f355e527

Score

10^/10

xloader s86j loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s86j

C2

http://www.emboldenlife.net/s86j/

Decoy

getlumichargeserver.com

act-vitaalcoach.store

craftgeekz.com

monetflowerfarm.com

morakotislandrealty.com

onlineastrologeruk.com

evvpsml.com

hnbtc.net

auxiliacapitalpartnersllc.com

rdwoodworksstore.com

shulwinfitness.com

arterialhealthgrids.com

cryptork.biz

solomini-tech.com

porttownsendapartments.com

poprumor.com

assetsauctioneer.com

electronics2anyone.com

upskillpme.online

247fooddelivery.com

Targets

- Target
  
  invoice__ copies__ dated__ 0010_15_ 02_2021__ .pdf....exe
- Size
  
  589KB
- MD5
  
  459fd6b83e4ac5b4124ecfbaae7168f5
- SHA1
  
  24e5cdc4a38ff036ffa6b908e25b0993a334a945
- SHA256
  
  4c418bd571e977ea387d457f001ab521b011c733daef4cd3e7b98de64d6b75cc
- SHA512
  
  fa253ce883bc2932e2870e6a6ec7920ea734d99b9bae245b865a7bded57e42eeddf9faf416c752b9d09726864dfe4b3a6f0fe44d497ff117d8d8a847ee54460f
Score

10^/10

xloader s86j loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaders86jloaderratsuricata

behavioral2

xloaders86jloaderratsuricata