xloader | 47c82ea8fa2149641ac9406672616f32285a9be86689d74edffd2a546816452b | Triage

Sharing

General

Target

exe_47c82ea8fa2149641ac9406672616f32285a9be86689d74edffd2a546816452b
Size

749KB
Sample

211231-edxxzaged7
MD5

18fbd8319f9d3ab5011d52b026e0b9b0
SHA1

9e70d9ca4a54efd68888f739a6cb26c244391b98
SHA256

47c82ea8fa2149641ac9406672616f32285a9be86689d74edffd2a546816452b
SHA512

ea292bb2e764c5af7e04856f441ec1663bf58d8b3e5dbaeaae25dec1a774719ed76b4316dbe988190549635cc73c306e7e0b2c721f132802b2e990efef063c86

Score

10^/10

xloader mawd agilenet loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mawd

Decoy

zbgyjt.com

chosentops.com

referral.center

barakrubbertrading.com

yumekaijyuku21.com

justpita.net

floristeria7rosas1clavel.com

modularinnovationsolutions.com

halloweetee.com

transportesajusco.online

viciousprism.com

seaspiritkayaks.com

studiodannadesign.com

portraydashcam.com

lucyloeu.com

obujieitel.quest

boknowsautorepair.com

gqczj.com

beatniq-scasset.com

consultbeautyagency.com

Targets

- Target
  
  exe_47c82ea8fa2149641ac9406672616f32285a9be86689d74edffd2a546816452b
- Size
  
  749KB
- MD5
  
  18fbd8319f9d3ab5011d52b026e0b9b0
- SHA1
  
  9e70d9ca4a54efd68888f739a6cb26c244391b98
- SHA256
  
  47c82ea8fa2149641ac9406672616f32285a9be86689d74edffd2a546816452b
- SHA512
  
  ea292bb2e764c5af7e04856f441ec1663bf58d8b3e5dbaeaae25dec1a774719ed76b4316dbe988190549635cc73c306e7e0b2c721f132802b2e990efef063c86
Score

10^/10

xloader mawd agilenet loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloadermawdagilenetloaderrat