xloader

General

Target

d030ec06a1d021fb435d8459a929db7b
Size

731KB
Sample

231222-sbaasaghc3
MD5

d030ec06a1d021fb435d8459a929db7b
SHA1

155e20d350f9d2223bdd9c5dc30ad2969f077487
SHA256

cf53005d2d146dadf6dc95287bbcd1a50c8687711ebf8d497535f14ae423d6c3
SHA512

f46a8fd4016911c8bea1c579b89899173d65e019d8caae6ada6bac52d4a85ee734294b9622ce762d255fb0c6903e1040b33fdc71fecffd8d70ec225624b07786
SSDEEP

12288:aPOlblXqp28GxW8ULUwC5Y/pT2UZI2PvSSR0o6y2/:aUtqpDCHU4MpT2UVPvSSR0o6y2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u6f4

Decoy

cleverokids.site

thecannabisawards.vegas

shopbelleofthebarns.com

digitalizamimundo.com

surschool.com

lowbrowprintshop.com

gx17.net

transformafter50.info

lilygildersguild.com

hubcitypaving.com

safemarketingagency.net

suka-cbd.com

leseditionstadine.com

affreciea.com

lamozi.com

csliu.com

drgustavoamadorotorrino.com

trimatrik.digital

diamondtoolz.net

lumerianpriestess.com

Targets

- Target
  
  d030ec06a1d021fb435d8459a929db7b
- Size
  
  731KB
- MD5
  
  d030ec06a1d021fb435d8459a929db7b
- SHA1
  
  155e20d350f9d2223bdd9c5dc30ad2969f077487
- SHA256
  
  cf53005d2d146dadf6dc95287bbcd1a50c8687711ebf8d497535f14ae423d6c3
- SHA512
  
  f46a8fd4016911c8bea1c579b89899173d65e019d8caae6ada6bac52d4a85ee734294b9622ce762d255fb0c6903e1040b33fdc71fecffd8d70ec225624b07786
- SSDEEP
  
  12288:aPOlblXqp28GxW8ULUwC5Y/pT2UZI2PvSSR0o6y2/:aUtqpDCHU4MpT2UVPvSSR0o6y2
Score

10^/10

xloader zgrat u6f4 loader rat
- Detect ZGRat V1
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Xloader payload

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2