xloader | e7f1ace8723e30320b9e8bc3dc8a079c2d82d8c58b6ef7e0810ee4f661f5f141 | Triage

Sharing

General

Target

PO_No.202201EYL-01_ABW.exe
Size

1.0MB
Sample

211117-h8dpcshfe3
MD5

0025968e7da258b082f9c904e500568b
SHA1

49f3dbc6f9f52322240285c8ba8ac65d6f528c87
SHA256

e7f1ace8723e30320b9e8bc3dc8a079c2d82d8c58b6ef7e0810ee4f661f5f141
SHA512

d9f6ebef441441c7ef749039c724e7c13bb5d4cb552b2509b7f9aa19a31c255ba6213124b4bff62d78f2867d8edc73286083bf2c454cd8f0ea55fe7d488e378b

Score

10^/10

xloader 46uq loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

- Target
  
  PO_No.202201EYL-01_ABW.exe
- Size
  
  1.0MB
- MD5
  
  0025968e7da258b082f9c904e500568b
- SHA1
  
  49f3dbc6f9f52322240285c8ba8ac65d6f528c87
- SHA256
  
  e7f1ace8723e30320b9e8bc3dc8a079c2d82d8c58b6ef7e0810ee4f661f5f141
- SHA512
  
  d9f6ebef441441c7ef749039c724e7c13bb5d4cb552b2509b7f9aa19a31c255ba6213124b4bff62d78f2867d8edc73286083bf2c454cd8f0ea55fe7d488e378b
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloader46uqloaderrat

behavioral2

xloader46uqloaderrat