xloader | c9777cb78779de98104f1a01584f9df07e39b7ace7d5e6686d225e7261bd9447 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

517KB
Sample

220719-edyjhaacfm
MD5

a09f93f7606aa64851c9a8f82317b72f
SHA1

c33ea2eb219a088610847905251e5e2c3d2c87a2
SHA256

c9777cb78779de98104f1a01584f9df07e39b7ace7d5e6686d225e7261bd9447
SHA512

c5923ec47cc02a048fbbe8876c6f982d56dd6ea8936848db5a51ec6ad8ce16df9271a00c187a9ea653beaa490ba769c1339a5c3384180ba4d3961c471b7dfd59

Score

10^/10

xloader nn40 loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220715-en

xloader nn40 loader rat suricata

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220414-en

xloader nn40 loader rat suricata

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xloader

Version

2.8

Campaign

nn40

Decoy

LYAg0yANOGEAGeaFOrA/

MQWuERZplP+VZy/uszI=

CF0oDN0JimIaGy/uszI=

ltJnyC+ReohYaiTvj1qbEA==

B9OkgdctVKBAFjSUaw==

sbDVwSZVVqVB11/deow8GA==

v1gHDe0pzno=

i+/0n2vHUfGPR98k77tukZ90MQ==

SUtCnbS96Qm21g==

8X9qzyt1dpAo31jXrXfKb49fBPY=

5KlPxqHzSstuFjSUaw==

0r/Kesv/zuanroxvNQW0Gm8=

FFgS7kfPYAqpdhhgRgnBJHY=

LgusAHrkrIoWr0FWIe2o/04UXPw=

vBq9Gvxa9wbKbS/uszI=

Z+q6HAZNNeqwwQ==

wbS4fMb06SjU5Kbseow8GA==

1mZEuZvJ/m0L9bof56PkkZ90MQ==

JCJIM74lHk/o+tiFOrA/

d14FrM8rGEgIzVkT67+3XaEh

OtJqJTaZyD/bgy/uszI=

MMzqpo3pVjbaigine/p4W6dqZPJKkg==

LRS4MpnBeVxC/bqjf0kMBGop69QC

7FTxgWaTLAKbm3B0QgW0Gm8=

hjbYktAyum2JNK6N

WRtxyNlENeqwwQ==

MTOKH+0pzno=

8LkJ8EsWWHIK

zs758oMTaffAxI0bn2uqFw==

ariAXDqMsKpwF5U=

UEZOAmXFnpRh+rqD

T5e5xzlTNeqwwQ==

tp424+UDomI=

Y7VXD+I8CKVuDZQ=

zg6qeGbHO1F+FjSUaw==

JPypEB2CuDAz+bXSrjo=

8ah8cf5odcPNS+Sa

k+CGNhyOMKVuDZQ=

oVviitkD8B7ZmijeyIDFOI9nZPJKkg==

TtztqHfKKqQWuVRvT9fSSpJJmAFYLjw=

p6pvJHfZmJgx6XwYuL56b798MA==

WWmegczy4x2O+cIC27RtkZ90MQ==

/QrLiDyde3RJWRwRmWYo

PtShJAZG1WU6LP3osjo=

ZTrOf2PMho1kdm/JtSU=

A1ssC+pS8dvNS+Sa

K4g38tVda8DNS+Sa

Dz7fj13DnKh1iV8++X2H8Fbeq1jBGh4D

0AjPwNQtnWUEpDBAJbq9GG8p69QC

ALhKrIu7/5BTRf1OQAW0Gm8=

a5Zp3GrGWhzmrBYRmWYo

dwzcQzpnYYAi8G7eypfSS6d3oWmQnQ==

VR3AHfcDyG79m6bm0YnEOEBS/fQ=

pyZFKiWXNaVuDZQ=

dzf0zzBlYaqLFjSUaw==

D6TIj16hJ8JhJMom8rlxkZ90MQ==

8qkyvpp56Qm21g==

4qNmKHymVg3Bx4M=

MOiH6DRYhutyFjSUaw==

JqTDnm+zOQLV+83Ucm9GDw==

YQilIAQqUM5vFjSUaw==

84U/nbvTQwzcyQ==

mC34kB9LdeJuFjSUaw==

DKLKrbwuuWyJNK6N

thisismyhomevalue.com

Targets

- Target
  
  tmp
- Size
  
  517KB
- MD5
  
  a09f93f7606aa64851c9a8f82317b72f
- SHA1
  
  c33ea2eb219a088610847905251e5e2c3d2c87a2
- SHA256
  
  c9777cb78779de98104f1a01584f9df07e39b7ace7d5e6686d225e7261bd9447
- SHA512
  
  c5923ec47cc02a048fbbe8876c6f982d56dd6ea8936848db5a51ec6ad8ce16df9271a00c187a9ea653beaa490ba769c1339a5c3384180ba4d3961c471b7dfd59
Score

10^/10

xloader nn40 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernn40loaderratsuricata

behavioral2

xloadernn40loaderratsuricata

© 2018-2024

Terms | Privacy