xloader | b94f37134c31d499c2e8e3d952cb81c1453d211d1ecdfc2eaa32cc8f6b5c5604 | Triage

Sharing

General

Target

b94f37134c31d499c2e8e3d952cb81c1453d211d1ecdfc2eaa32cc8f6b5c5604
Size

460KB
Sample

211214-a8xhgafhen
MD5

a73d6ce97ea7a3474fa89ab2616af9a2
SHA1

a4d7bad44c7d2d783e864433abb09aa5ccb531be
SHA256

b94f37134c31d499c2e8e3d952cb81c1453d211d1ecdfc2eaa32cc8f6b5c5604
SHA512

b38de64a3c73a8b7723c281192b2d272bc7dad882cb66db43a89ad82ff3a3e2bf28b1cdc59d438f23c34d0a7b285af0982d93fe3cdfe9bb31fa696c9e9830953

Score

10^/10

xloader fqiq loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

C2

http://www.esyscoloradosprings.com/fqiq/

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

Targets

- Target
  
  b94f37134c31d499c2e8e3d952cb81c1453d211d1ecdfc2eaa32cc8f6b5c5604
- Size
  
  460KB
- MD5
  
  a73d6ce97ea7a3474fa89ab2616af9a2
- SHA1
  
  a4d7bad44c7d2d783e864433abb09aa5ccb531be
- SHA256
  
  b94f37134c31d499c2e8e3d952cb81c1453d211d1ecdfc2eaa32cc8f6b5c5604
- SHA512
  
  b38de64a3c73a8b7723c281192b2d272bc7dad882cb66db43a89ad82ff3a3e2bf28b1cdc59d438f23c34d0a7b285af0982d93fe3cdfe9bb31fa696c9e9830953
Score

10^/10

xloader fqiq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderfqiqloaderrat