xloader | 2386acaa004ee3be0654ddb8d1fb1966d004b2f23f4a428149a73e4f92ed9415 | Triage

Sharing

General

Target

Payment_Authorization Issue_swift MT105TT.rar
Size

376KB
Sample

211122-q6zg2sffcj
MD5

e74a40a1b74b85e91c55432db9f32eea
SHA1

257977721b457b92819b2f20dcd1d2978a73255e
SHA256

2386acaa004ee3be0654ddb8d1fb1966d004b2f23f4a428149a73e4f92ed9415
SHA512

a99afc36143b2600664591700dd3d0b7cbfeda9f75788d906d1d9fd42b18fa50ebb93f275e349fe022456b7ba3270a8e502a54061289ab876083f6d4823fb150

Score

10^/10

xloader 46uq loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

- Target
  
  Payment_Authorization Issue_swift MT105TT.exe
- Size
  
  459KB
- MD5
  
  e33471aca4f7ba9761cfbf41b091c9da
- SHA1
  
  a3b8444a7367eec1b5fe10f11d653b29a27c3b73
- SHA256
  
  c36c4e9b60d516ae00051b635624267123056adbbd874b7b9f67920dcb71aada
- SHA512
  
  ce8b9cf90ecbd781c7d3c75aa7694d75e2c6a4c49570de3f67b161cd64a21ac59d65228336be7a98fbfc7d0ad41b94aebb1dacb9fad88f00c1507503fcb3a790
Score

10^/10

xloader 46uq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

xloader46uqloaderratsuricata