xloader | 1ba605473b6fc3b244f25a8838e41a642dbf9566d347d3ea084e96bbe88aebde | Triage

Sharing

General

Target

6926a53fa91cab577d52942a39e5fb53
Size

434KB
Sample

211125-xx9pzsgdbm
MD5

6926a53fa91cab577d52942a39e5fb53
SHA1

c15dfc5e94ca97d47fd89dcdc42cc03888334c91
SHA256

1ba605473b6fc3b244f25a8838e41a642dbf9566d347d3ea084e96bbe88aebde
SHA512

02afc62ccf5c48dd3bfdc2e26eb3c6b997c65dc499d793568d04c3410b0a8961e9c7f738e7e43324d167460c6418ec911cc815a87158680d128d7f80455338fd

Score

10^/10

xloader ht08 loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ht08

C2

http://www.septemberstockevent200.com/ht08/

Decoy

joye.club

istanbulemlakgalerisi.online

annikadaniel.love

oooci.com

curebase-test.com

swisstradecenter.com

hacticum.com

centercodebase.com

recbi56ni.com

mmj0115.xyz

sharpstead.com

sprklbeauty.com

progettogenesi.cloud

dolinum.com

amaroqadvisors.com

traininig.com

leewaysvcs.com

nashhomesearch.com

joy1263.com

serkanyamac.com

Targets

- Target
  
  6926a53fa91cab577d52942a39e5fb53
- Size
  
  434KB
- MD5
  
  6926a53fa91cab577d52942a39e5fb53
- SHA1
  
  c15dfc5e94ca97d47fd89dcdc42cc03888334c91
- SHA256
  
  1ba605473b6fc3b244f25a8838e41a642dbf9566d347d3ea084e96bbe88aebde
- SHA512
  
  02afc62ccf5c48dd3bfdc2e26eb3c6b997c65dc499d793568d04c3410b0a8961e9c7f738e7e43324d167460c6418ec911cc815a87158680d128d7f80455338fd
Score

10^/10

xloader ht08 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderht08loaderrat

behavioral2

xloaderht08loaderrat