xloader | 436b6a6031748458ed3e78927394bf124d79e779ccb81eb7329beb9eaa3e9b17 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase Order.exe

windows7_x64

Purchase Order.exe

windows10_x64

Sharing

General

Target

Purchase Order.exe
Size

893KB
Sample

220622-zsb92adbd2
MD5

001572ce1d689cab9270948ca76d61c0
SHA1

5d833185231eca4887b43a87842f17e1970216c8
SHA256

436b6a6031748458ed3e78927394bf124d79e779ccb81eb7329beb9eaa3e9b17
SHA512

82f754e319e765aa3c756483d10f3d8415b458bc75c1c3d2bb1f2fd39e8b68adc20fa1640f0d9d00634f2efe9f0cff7bc423b55cded390665794c1e24a045ff5

Score

10^/10

xloader nn40 loader rat spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order.exe

Resource

win7-20220414-en

xloader nn40 loader rat spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order.exe

Resource

win10-20220414-en

xloader nn40 loader rat spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.8

Campaign

nn40

Decoy

LYAg0yANOGEAGeaFOrA/

MQWuERZplP+VZy/uszI=

CF0oDN0JimIaGy/uszI=

ltJnyC+ReohYaiTvj1qbEA==

B9OkgdctVKBAFjSUaw==

sbDVwSZVVqVB11/deow8GA==

v1gHDe0pzno=

i+/0n2vHUfGPR98k77tukZ90MQ==

SUtCnbS96Qm21g==

8X9qzyt1dpAo31jXrXfKb49fBPY=

5KlPxqHzSstuFjSUaw==

0r/Kesv/zuanroxvNQW0Gm8=

FFgS7kfPYAqpdhhgRgnBJHY=

LgusAHrkrIoWr0FWIe2o/04UXPw=

vBq9Gvxa9wbKbS/uszI=

Z+q6HAZNNeqwwQ==

wbS4fMb06SjU5Kbseow8GA==

1mZEuZvJ/m0L9bof56PkkZ90MQ==

JCJIM74lHk/o+tiFOrA/

d14FrM8rGEgIzVkT67+3XaEh

OtJqJTaZyD/bgy/uszI=

MMzqpo3pVjbaigine/p4W6dqZPJKkg==

LRS4MpnBeVxC/bqjf0kMBGop69QC

7FTxgWaTLAKbm3B0QgW0Gm8=

hjbYktAyum2JNK6N

WRtxyNlENeqwwQ==

MTOKH+0pzno=

8LkJ8EsWWHIK

zs758oMTaffAxI0bn2uqFw==

ariAXDqMsKpwF5U=

UEZOAmXFnpRh+rqD

T5e5xzlTNeqwwQ==

tp424+UDomI=

Y7VXD+I8CKVuDZQ=

zg6qeGbHO1F+FjSUaw==

JPypEB2CuDAz+bXSrjo=

8ah8cf5odcPNS+Sa

k+CGNhyOMKVuDZQ=

oVviitkD8B7ZmijeyIDFOI9nZPJKkg==

TtztqHfKKqQWuVRvT9fSSpJJmAFYLjw=

p6pvJHfZmJgx6XwYuL56b798MA==

WWmegczy4x2O+cIC27RtkZ90MQ==

/QrLiDyde3RJWRwRmWYo

PtShJAZG1WU6LP3osjo=

ZTrOf2PMho1kdm/JtSU=

A1ssC+pS8dvNS+Sa

K4g38tVda8DNS+Sa

Dz7fj13DnKh1iV8++X2H8Fbeq1jBGh4D

0AjPwNQtnWUEpDBAJbq9GG8p69QC

ALhKrIu7/5BTRf1OQAW0Gm8=

a5Zp3GrGWhzmrBYRmWYo

dwzcQzpnYYAi8G7eypfSS6d3oWmQnQ==

VR3AHfcDyG79m6bm0YnEOEBS/fQ=

pyZFKiWXNaVuDZQ=

dzf0zzBlYaqLFjSUaw==

D6TIj16hJ8JhJMom8rlxkZ90MQ==

8qkyvpp56Qm21g==

4qNmKHymVg3Bx4M=

MOiH6DRYhutyFjSUaw==

JqTDnm+zOQLV+83Ucm9GDw==

YQilIAQqUM5vFjSUaw==

84U/nbvTQwzcyQ==

mC34kB9LdeJuFjSUaw==

DKLKrbwuuWyJNK6N

thisismyhomevalue.com

Targets

- Target
  
  Purchase Order.exe
- Size
  
  893KB
- MD5
  
  001572ce1d689cab9270948ca76d61c0
- SHA1
  
  5d833185231eca4887b43a87842f17e1970216c8
- SHA256
  
  436b6a6031748458ed3e78927394bf124d79e779ccb81eb7329beb9eaa3e9b17
- SHA512
  
  82f754e319e765aa3c756483d10f3d8415b458bc75c1c3d2bb1f2fd39e8b68adc20fa1640f0d9d00634f2efe9f0cff7bc423b55cded390665794c1e24a045ff5
Score

10^/10

xloader nn40 loader rat spyware stealer suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata: ET MALWARE FormBook CnC Checkin (POST) M2
  suricata
- Xloader Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernn40loaderratspywarestealersuricata

behavioral2

xloadernn40loaderratspywarestealersuricata

© 2018-2024

Terms | Privacy