xloader | 0afd047607e52ba3e4994fd71a66964ab2af835b661746cf12ab53368a40b7ad | Triage

Sharing

General

Target

RFQ_220124.bin
Size

413KB
Sample

220124-ntw52seeb4
MD5

fd122178ca3830214dc968e8d43ea612
SHA1

3681e97e3f5ab122715185f8d709ad532d4ab28e
SHA256

0afd047607e52ba3e4994fd71a66964ab2af835b661746cf12ab53368a40b7ad
SHA512

1eb793cff69d9ce39d5ab9acfa019046dcfaaf10824db2b2c926f50dcbc755378e5ec8f9e7cb8c8f2759c1ceaa4142411da5f477d4abd6844856d36e4bbf7c4c

Score

10^/10

xloader s9ne loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s9ne

Decoy

digital-performance-award.com

fioratti.xyz

designluxre.com

cngangdun.com

restaurantperladelmare.com

davinci65.info

glossmans.com

firstsmileimaging.com

indevmobility.biz

mvptcodesupport.com

crustenc.net

raleighsportsacademy.com

boytoyporn.com

rojaspass.com

acmepaysage.fr

shopatdean.xyz

leonergsteve18870.com

elnahuel.com

ils.network

canto-libero.com

Targets

- Target
  
  RFQ_220124.bin
- Size
  
  413KB
- MD5
  
  fd122178ca3830214dc968e8d43ea612
- SHA1
  
  3681e97e3f5ab122715185f8d709ad532d4ab28e
- SHA256
  
  0afd047607e52ba3e4994fd71a66964ab2af835b661746cf12ab53368a40b7ad
- SHA512
  
  1eb793cff69d9ce39d5ab9acfa019046dcfaaf10824db2b2c926f50dcbc755378e5ec8f9e7cb8c8f2759c1ceaa4142411da5f477d4abd6844856d36e4bbf7c4c
Score

10^/10

xloader s9ne loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaders9neloaderrat

behavioral2

xloaders9neloaderrat