xloader | bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7 | Triage

Sharing

General

Target

bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7
Size

17KB
Sample

220218-ntsgvsdcgp
MD5

92c35904f4cf224c1a26f7162e465b02
SHA1

d4d1635404188075b42f49c4714cc85faa54e71c
SHA256

bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7
SHA512

43f28013fa83da1957cda63cdc07b12a4ee9e16f54ed1f8ff36d83d3ce3dff7d710a630e8f042291162eb225e3cd6c08c018fea28e87aa4ac3f0a24b2879c9a8

Score

10^/10

xloader ahc8 loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

Targets

- Target
  
  bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7
- Size
  
  17KB
- MD5
  
  92c35904f4cf224c1a26f7162e465b02
- SHA1
  
  d4d1635404188075b42f49c4714cc85faa54e71c
- SHA256
  
  bb81812044069608e1ba320fcb7b878c5b6895f5bf91c93027ab4161042d01c7
- SHA512
  
  43f28013fa83da1957cda63cdc07b12a4ee9e16f54ed1f8ff36d83d3ce3dff7d710a630e8f042291162eb225e3cd6c08c018fea28e87aa4ac3f0a24b2879c9a8
Score

10^/10

xloader ahc8 loader rat
- Suspicious use of NtCreateProcessExOtherParentProcess
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderahc8loaderrat