xloader | c36c4e9b60d516ae00051b635624267123056adbbd874b7b9f67920dcb71aada | Triage

Sharing

General

Target

Payment_Authorization Issue_swift MT105TT.exe
Size

459KB
Sample

211118-y4f7paaed2
MD5

e33471aca4f7ba9761cfbf41b091c9da
SHA1

a3b8444a7367eec1b5fe10f11d653b29a27c3b73
SHA256

c36c4e9b60d516ae00051b635624267123056adbbd874b7b9f67920dcb71aada
SHA512

ce8b9cf90ecbd781c7d3c75aa7694d75e2c6a4c49570de3f67b161cd64a21ac59d65228336be7a98fbfc7d0ad41b94aebb1dacb9fad88f00c1507503fcb3a790

Score

10^/10

xloader 46uq loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

- Target
  
  Payment_Authorization Issue_swift MT105TT.exe
- Size
  
  459KB
- MD5
  
  e33471aca4f7ba9761cfbf41b091c9da
- SHA1
  
  a3b8444a7367eec1b5fe10f11d653b29a27c3b73
- SHA256
  
  c36c4e9b60d516ae00051b635624267123056adbbd874b7b9f67920dcb71aada
- SHA512
  
  ce8b9cf90ecbd781c7d3c75aa7694d75e2c6a4c49570de3f67b161cd64a21ac59d65228336be7a98fbfc7d0ad41b94aebb1dacb9fad88f00c1507503fcb3a790
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

xloader46uqloaderrat