xloader | c50fdcefdf51c648404eb54eebcb81012e2c736252e232759c7eef5fac1d5174 | Triage

Sharing

General

Target

QUOTE REQUEST FOB_Medlited Trading Co.exe
Size

611KB
Sample

211119-jvd9eacfg5
MD5

8ddcaa0954d47bcb1e6b18de42fbfd6c
SHA1

8de0ab3b4e57d551f4783b6a1410d429c8b62c38
SHA256

c50fdcefdf51c648404eb54eebcb81012e2c736252e232759c7eef5fac1d5174
SHA512

31dc38d1d45893c6f00e28d2cf192e1451a5c4e84af701fe76c04b1175a7c528f7f95d1d3ec3edb30448b2465e127c66c64904e07da9a762663e9b29c8c4c80d

Score

10^/10

xloader 46uq loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

- Target
  
  QUOTE REQUEST FOB_Medlited Trading Co.exe
- Size
  
  611KB
- MD5
  
  8ddcaa0954d47bcb1e6b18de42fbfd6c
- SHA1
  
  8de0ab3b4e57d551f4783b6a1410d429c8b62c38
- SHA256
  
  c50fdcefdf51c648404eb54eebcb81012e2c736252e232759c7eef5fac1d5174
- SHA512
  
  31dc38d1d45893c6f00e28d2cf192e1451a5c4e84af701fe76c04b1175a7c528f7f95d1d3ec3edb30448b2465e127c66c64904e07da9a762663e9b29c8c4c80d
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloader46uqloaderrat

behavioral2

xloader46uqloaderrat