xloader | 96eb36242589b7a64977eea92e0c0834e5321b605f9a306110398d4da428f3d3 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Inject4.19817.13045.32260
Size

816KB
Sample

211117-l2tc1sade2
MD5

9fcb723c209d94bce4bba9329f2afc67
SHA1

378492a828f10eeeee84fab591f9124d2da4dda8
SHA256

96eb36242589b7a64977eea92e0c0834e5321b605f9a306110398d4da428f3d3
SHA512

31765aa62563a45de2d395dd42caf636dcfa5e8c3df061b9c396b062286f46542a58411dc340e487de3708747cbf0a667db86dd4f5d111aae88dc4f56551a318

Score

10^/10

xloader 46uq loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

- Target
  
  SecuriteInfo.com.Trojan.Inject4.19817.13045.32260
- Size
  
  816KB
- MD5
  
  9fcb723c209d94bce4bba9329f2afc67
- SHA1
  
  378492a828f10eeeee84fab591f9124d2da4dda8
- SHA256
  
  96eb36242589b7a64977eea92e0c0834e5321b605f9a306110398d4da428f3d3
- SHA512
  
  31765aa62563a45de2d395dd42caf636dcfa5e8c3df061b9c396b062286f46542a58411dc340e487de3708747cbf0a667db86dd4f5d111aae88dc4f56551a318
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloader46uqloaderrat

behavioral2

xloader46uqloaderrat