xloader | d4524304e059a341b36dfff67ecfde1832142373d0728956fd8efb079440035f | Triage

Sharing

General

Target

RFQ.exe
Size

381KB
Sample

220127-hdgsjaghfk
MD5

65383c8ddea3200bf69bcc4acfc5522b
SHA1

b4f22b474c796fe40bb08787ebb2a5e503e6936c
SHA256

d4524304e059a341b36dfff67ecfde1832142373d0728956fd8efb079440035f
SHA512

fd1742d44a5137e9b21e45edc2715c5acfed2596cc32eec5bcf361fb2ecfc8dadd7a2c9519727a3772a32c6a5e30399eabcb62150253a136be4c8f8471cb7d9f

Score

10^/10

xloader oms5 loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

oms5

Decoy

stepfantasy.media

kentuckyvapeshop.com

mod-hotels.com

kkstudy.net

temanfts.xyz

lzcsj.com

7808aaa.com

1sab.claims

yangraclelamb.com

tndlz.com

lndjg.com

scjmzs.com

galabet0350.com

xn--mobile-bar-mnchen-e3b.com

lufkinreign.com

beweig.com

happygirlxxx.com

datapieces.com

happysad.store

sweet-comforts.com

Targets

- Target
  
  RFQ.exe
- Size
  
  381KB
- MD5
  
  65383c8ddea3200bf69bcc4acfc5522b
- SHA1
  
  b4f22b474c796fe40bb08787ebb2a5e503e6936c
- SHA256
  
  d4524304e059a341b36dfff67ecfde1832142373d0728956fd8efb079440035f
- SHA512
  
  fd1742d44a5137e9b21e45edc2715c5acfed2596cc32eec5bcf361fb2ecfc8dadd7a2c9519727a3772a32c6a5e30399eabcb62150253a136be4c8f8471cb7d9f
Score

10^/10

xloader oms5 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderoms5loaderratsuricata

behavioral2

xloaderoms5loaderratsuricata