xloader

General

Target

4ecffa97a74eb985f88403ca71d8903d.exe
Size

405KB
Sample

240109-w1827afddr
MD5

4ecffa97a74eb985f88403ca71d8903d
SHA1

a9fe0554de2a06ff95d2083e09fbad0e2ddf1854
SHA256

c6f76992c34b7439ff565cd3f928a642557b7ae4bb44bbd76e228b20a9b4b6d4
SHA512

baeb16e0dd164167c9e4f4f1b907e9fd1ae225c3540aa913f89d9f3d3510a21fab16ac73cb3fe1f563df514e85c09bd191b472c8ee22960b97b2e6a6370ef05f
SSDEEP

12288:oJYmhDsoASTnOMuMvjesMo3oKAFblLE2+c57dVh:dmJKdGKlKuB0c5BP

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ehp9

Decoy

kebao100.com

telco360.com

gilleyaviation.com

thedangleman.com

kmpetersonphoto.com

bykjsz.com

comparaca.com

wlalumsforantiracism.com

razerzonr.com

856380062.xyz

cubesoftwaresolution.com

atokastore.com

joinlashedbyjamie.com

azcorra.com

lilys-galaxy.com

wheretheresaytheresaway.com

avantix-colts.com

pornsitehub.com

jagoviral.com

loansforgiven.com

Targets

- Target
  
  4ecffa97a74eb985f88403ca71d8903d.exe
- Size
  
  405KB
- MD5
  
  4ecffa97a74eb985f88403ca71d8903d
- SHA1
  
  a9fe0554de2a06ff95d2083e09fbad0e2ddf1854
- SHA256
  
  c6f76992c34b7439ff565cd3f928a642557b7ae4bb44bbd76e228b20a9b4b6d4
- SHA512
  
  baeb16e0dd164167c9e4f4f1b907e9fd1ae225c3540aa913f89d9f3d3510a21fab16ac73cb3fe1f563df514e85c09bd191b472c8ee22960b97b2e6a6370ef05f
- SSDEEP
  
  12288:oJYmhDsoASTnOMuMvjesMo3oKAFblLE2+c57dVh:dmJKdGKlKuB0c5BP
Score

10^/10

xloader zgrat ehp9 loader rat
- Detect ZGRat V1
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Xloader payload

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2