xloader | a9dd9bda70b16a68d8f55e09a1f9bc5d29b49ca060d5642ac9057ab50968f262 | Triage

Resubmissions

18-01-2022 12:54

220118-p5btxsbbg7 10

18-01-2022 12:30

220118-ppkrwsbccl 10

Sharing

General

Target

a9dd9bda70b16a68d8f55e09a1f9bc5d29b49ca060d5642ac9057ab50968f262
Size

296KB
Sample

220118-ppkrwsbccl
MD5

5a7fb563dee97fc9d1ad8b00ce00a2f5
SHA1

98501bf8fbd4234fd696b41924899e8ba8f3655d
SHA256

a9dd9bda70b16a68d8f55e09a1f9bc5d29b49ca060d5642ac9057ab50968f262
SHA512

d4a17caebe6570c186a383c92c678567165f6d5965cde2313a2debe2f55cea9b53e6d8436f49cdb718bd2dfb3122f6f23c28c2543d2c23c4cb547f1c84a95495

Score

10^/10

xloader o6tg loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

o6tg

Decoy

turkscaicosonline.com

novelfoodtech.com

zgrmfww.com

gestionalcliente24hrs.store

postrojka.com

tapissier-uzes.com

tobytram.one

preamblegames.com

clicklinkzs.com

franksenen.com

beautygateway.net

foils-online.com

aout.us

promarkoperations.com

alignatura.com

changemylifefast.info

minbex.icu

internethustlersociety.com

chinacqn.com

fibsh.com

Targets

- Target
  
  a9dd9bda70b16a68d8f55e09a1f9bc5d29b49ca060d5642ac9057ab50968f262
- Size
  
  296KB
- MD5
  
  5a7fb563dee97fc9d1ad8b00ce00a2f5
- SHA1
  
  98501bf8fbd4234fd696b41924899e8ba8f3655d
- SHA256
  
  a9dd9bda70b16a68d8f55e09a1f9bc5d29b49ca060d5642ac9057ab50968f262
- SHA512
  
  d4a17caebe6570c186a383c92c678567165f6d5965cde2313a2debe2f55cea9b53e6d8436f49cdb718bd2dfb3122f6f23c28c2543d2c23c4cb547f1c84a95495
Score

10^/10

xloader o6tg loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadero6tgloaderrat