Overview

overview

10

Static

static

598247.exe

windows7_x64

10

598247.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    598247.pdf.7z

  • Size

    345KB

  • Sample

    211108-nae3esbha7

  • MD5

    9a314a10b97ec9ed3953bd602720b376

  • SHA1

    4da343ed34c1c7e4762a9c19819dd5016b4a68fd

  • SHA256

    f3d87a9bb0aa8398f346833ef3e9785f00b20a10839829813b52058f6038062f

  • SHA512

    a79191182debc2b599bace2909996cf3d0fd9d18d902556923472abedacd0345d0b8f1d4834f6777d9f20d7c9be220110c68b950d17c5b12a20d5911f14ea10f

Score
10/10
xloaderuat8agilenetloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uat8

C2

http://www.eeeptou.xyz/uat8/

Decoy

suddennnnnnnnnnnn47.xyz

fggj99.com

ojosnegroshacienda.com

tinyhollywood.com

marketersmeetup.com

anushreehomemadeproducts.online

appsdeals14.com

ocean-breath-retreat.com

subin-party.com

offroad.wiki

coryfairbanks.com

algurgpaint.net

k1snks.com

florakitchens.com

tollywoodbold.com

kzkidz.com

bequestporfze.xyz

tiplovellc.com

city-ad.com

strombolidefilm.com

Targets

    • Target

      598247.exe

    • Size

      653KB

    • MD5

      427b099e2d6546e11494814d8d0126a5

    • SHA1

      37c5784a809b01347baf257e35ead87bd5881136

    • SHA256

      9fc6b8bacb3a9190b338a07a2c35412fb0da553edd81b65190fce45883911d19

    • SHA512

      2de164c0cbef16122209cefbe7a63c74ff1054f1a443336a9fcd70599aada4ef8829e12e1b7759e5cdf5088c8309d472de6dd2c30310aa234d7d33a513ad2c6d

    Score
    10/10
    xloaderuat8agilenetloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks