xloader | f8c0d385ece89cd926b2c74680c036f9927414955e7ff4ed12b576470b8c1745 | Triage

Sharing

General

Target

TT_SWIFT_Export Order_noref S10SMG00318021.exe
Size

653KB
Sample

211125-ty8yasbbb4
MD5

fff91c58119d3cd7f68457e8565f7116
SHA1

4201eb7214bd3658889739e4856412b8063e0405
SHA256

f8c0d385ece89cd926b2c74680c036f9927414955e7ff4ed12b576470b8c1745
SHA512

c05cf9e0ed2aad4c08b394d97fc1257d273aa8dd51a45487ba51ff5973ab7b2227aba7ea1e1e8e9daf7416aaea418b06edfa29ff93665f6d3cc5b1a392dbed92

Score

10^/10

xloader 46uq loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

46uq

C2

http://www.liberia-infos.net/46uq/

Decoy

beardeddentguy.com

envirobombs.com

mintbox.pro

xiangpusun.com

pyjama-france.com

mendocinocountylive.com

innovativepropsolutions.com

hpsaddlerock.com

qrmaindonesia.com

liphelp.com

archaeaenergy.info

18446744073709551615.com

littlecreekacresri.com

elderlycareacademy.com

drshivanieyecare.com

ashibumi.com

stevenalexandergolf.com

adoratv.net

visitnewrichmond.com

fxbvanpool.com

Targets

- Target
  
  TT_SWIFT_Export Order_noref S10SMG00318021.exe
- Size
  
  653KB
- MD5
  
  fff91c58119d3cd7f68457e8565f7116
- SHA1
  
  4201eb7214bd3658889739e4856412b8063e0405
- SHA256
  
  f8c0d385ece89cd926b2c74680c036f9927414955e7ff4ed12b576470b8c1745
- SHA512
  
  c05cf9e0ed2aad4c08b394d97fc1257d273aa8dd51a45487ba51ff5973ab7b2227aba7ea1e1e8e9daf7416aaea418b06edfa29ff93665f6d3cc5b1a392dbed92
Score

10^/10

xloader 46uq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloader46uqloaderrat

behavioral2

xloader46uqloaderrat