xloader | ffbd8cb5a8779c934324bbee870d6b1d7549d4c6eb358cd67b923aa8a5b21a36 | Triage

Sharing

General

Target

ffbd8cb5a8779c934324bbee870d6b1d7549d4c6eb358cd67b923aa8a5b21a36
Size

469KB
Sample

220509-ryptbadef7
MD5

6b216b6cc15be9968b6c6eef5fa8591a
SHA1

95a56eb69683dfb5ef9710cc4ddf28c3d2f6ac85
SHA256

ffbd8cb5a8779c934324bbee870d6b1d7549d4c6eb358cd67b923aa8a5b21a36
SHA512

598f4601addb24e457069731aaa2c35092c607a83de7c828eb0ebec983094b6a2f881e16ad7dfaf8289aaf81c20931edcbc6700cd9ebfe634a597528795e1623

Score

10^/10

xloader quc5 loader rat suricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

quc5

Decoy

writerpilotpublishing.com

journeywands.com

madacambo.com

boreslirealestate.com

drillshear.com

urbanmastic.com

focalbunk.com

ghpgroupinc.xyz

rfgmhnvf.com

241mk.com

mandolinzen.com

thenorthstarbets.com

oggperformancehorses.com

webuywholesalerhouses.com

cinreyyy.com

theyoungwedding.com

neuro-ai-web-ru.digital

zavienniky.xyz

kin-school.com

lowratepersonalloans.com

Targets

- Target
  
  ffbd8cb5a8779c934324bbee870d6b1d7549d4c6eb358cd67b923aa8a5b21a36
- Size
  
  469KB
- MD5
  
  6b216b6cc15be9968b6c6eef5fa8591a
- SHA1
  
  95a56eb69683dfb5ef9710cc4ddf28c3d2f6ac85
- SHA256
  
  ffbd8cb5a8779c934324bbee870d6b1d7549d4c6eb358cd67b923aa8a5b21a36
- SHA512
  
  598f4601addb24e457069731aaa2c35092c607a83de7c828eb0ebec983094b6a2f881e16ad7dfaf8289aaf81c20931edcbc6700cd9ebfe634a597528795e1623
Score

10^/10

xloader quc5 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderquc5loaderratsuricata