xloader | 33804adf1254ef1376ce4a0416ff03db837b5bf23a752b8483ffdc1738a5cb59 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

33804adf1254ef1376ce4a0416ff03db837b5bf23a752b8483ffdc1738a5cb59
Size

510KB
Sample

220620-rnf4esgae4
MD5

ed110000e4a38ea4c524a777c0b28a38
SHA1

a82ea598a09bf51269131363d2ca1120e45c92aa
SHA256

33804adf1254ef1376ce4a0416ff03db837b5bf23a752b8483ffdc1738a5cb59
SHA512

b771cae1b0e7a25d58dbbdb60a86d39bed08d6c0f97d18b928cb1179dba6911f494b4cec853d169d3113f2a7afa1c3ac45e6fb74f6c6a1fa73978b9209c0de4e

Score

10^/10

xloader loader rat

Static task

static1

Behavioral task

behavioral1

Sample

33804adf1254ef1376ce4a0416ff03db837b5bf23a752b8483ffdc1738a5cb59.exe

Resource

win10v2004-20220414-en

xloader loader rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  33804adf1254ef1376ce4a0416ff03db837b5bf23a752b8483ffdc1738a5cb59
- Size
  
  510KB
- MD5
  
  ed110000e4a38ea4c524a777c0b28a38
- SHA1
  
  a82ea598a09bf51269131363d2ca1120e45c92aa
- SHA256
  
  33804adf1254ef1376ce4a0416ff03db837b5bf23a752b8483ffdc1738a5cb59
- SHA512
  
  b771cae1b0e7a25d58dbbdb60a86d39bed08d6c0f97d18b928cb1179dba6911f494b4cec853d169d3113f2a7afa1c3ac45e6fb74f6c6a1fa73978b9209c0de4e
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderloaderrat

© 2018-2024

Terms | Privacy