xloader | 3b001f0a9512ead9ddd2f68a80fc6f1db66023941956690d147f10dbc465c663 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

3b001f0a9512ead9ddd2f68a80fc6f1db66023941956690d147f10dbc465c663
Size

613KB
Sample

211108-l8l8aaghhn
MD5

88d735da9f8ca6d1cfb1ff692715cc8b
SHA1

1583386de41eca9d2bfe9a21741219c4db356cf5
SHA256

3b001f0a9512ead9ddd2f68a80fc6f1db66023941956690d147f10dbc465c663
SHA512

894147a5980b0bcaac7bb410f6bb009919737e285b23d049ae54217d2ed935bfd44227e380d76678243e62dbfa121a6ad913ad0cab722417edb50dd0a93143b7

Score

10^/10

xloader upi8 agilenet loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

3b001f0a9512ead9ddd2f68a80fc6f1db66023941956690d147f10dbc465c663.exe

Resource

win10-en-20211014

xloader upi8 agilenet loader rat suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

upi8

C2

http://www.dfwbcs.com/upi8/

Decoy

portavella.net

wraphollywood.com

uodpik.website

1h30m.online

taziyesayfalari.net

bigredtrucking.net

thr33h3ad3ddragon.art

magentavar.com

crowliz.net

italianexpresshouston.com

laminaparfum.com

xn--espaol101-o6a.online

orderonlinegift.com

fittuning.com

jurisligne.com

palmbeachdb.com

vatikanlottery.com

worldtravelcostarica.com

treeplantco.com

veloci-cloud.com

bjfengshibing.com

standbyez.digital

heidiscuss.xyz

usbgdt.com

njkhmj.com

halloweensells.com

rocket-bet.net

cloudofthings.net

cosachgetolk.quest

outgenerallytap.xyz

terabyte-hosting.com

kkp72.com

thesugarlanding.com

orangeroofingcompany.com

investecholdingsuk.com

americanmamallc.com

dragondrax.com

riyiflower.com

szhemgc.com

kusum.group

daniellestienstra.com

jenniferseltz.com

salon-dolphin.com

isiticisizhavaperdesi.com

hsbgs-asia.com

crishantha.info

medio-news.store

preceslume.quest

franlend.com

gsjbd24.club

davantra.com

adornel.online

zopl-49boa.com

dashmints.com

keyakiya.com

yuanyindongman.com

once-only.info

icaterlunch.com

stafftaculer.net

wildcatweedbarrier.com

alexmorton.online

zylyt.com

esnadhc.com

cataractusa.com

Targets

- Target
  
  3b001f0a9512ead9ddd2f68a80fc6f1db66023941956690d147f10dbc465c663
- Size
  
  613KB
- MD5
  
  88d735da9f8ca6d1cfb1ff692715cc8b
- SHA1
  
  1583386de41eca9d2bfe9a21741219c4db356cf5
- SHA256
  
  3b001f0a9512ead9ddd2f68a80fc6f1db66023941956690d147f10dbc465c663
- SHA512
  
  894147a5980b0bcaac7bb410f6bb009919737e285b23d049ae54217d2ed935bfd44227e380d76678243e62dbfa121a6ad913ad0cab722417edb50dd0a93143b7
Score

10^/10

xloader upi8 agilenet loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloaderupi8agilenetloaderratsuricata

© 2018-2024

Terms | Privacy