xloader | 7dd8ab4b5aad43b6571ac2b5f543dbf23aef7847ae4eb395340808ea11a5f9b0 | Triage

Sharing

General

Target

89c4a6e31301426a02becec20396c705_JaffaCakes118
Size

366KB
Sample

240811-ky1ggsshpl
MD5

89c4a6e31301426a02becec20396c705
SHA1

05c4fea9da4124f3e2fa721ce9c3543a59723a7a
SHA256

7dd8ab4b5aad43b6571ac2b5f543dbf23aef7847ae4eb395340808ea11a5f9b0
SHA512

75093cdd8fbb5f84b32e1a4d98d6e56890dacfe4f39d9a13c25be84fc9f0684638cf2340e17d1f5f99a7bdbff13d3c9a338c1827886d340978a629e54d37722c
SSDEEP

6144:+ys4x2J/ib3gpk7PLVYd9AcAVjHjI/V31IIGSBRlvbfe7vP+kcyB9hHy8oAoUwVO:TXx2J/vpILVYrAcFd31f1DZpq9hybbVO

Score

10^/10

xloader h3qo discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

h3qo

Decoy

dhflow.com

jyindex.com

ezcleanhandle.com

trungtamcongdong.online

simsprotectionagency.com

easylivemeet.com

blackvikingfashionhouse.com

52banxue.com

girlsinit.com

drhemo.com

freethefarmers.com

velvetrosephotography.com

geometricbotaniclas.com

skyandspirit.com

deltacomunicacao.com

mucademy.com

jaboilfieldsolutions.net

howtowinatblackjacknow.com

anytimegrowth.com

simranluthra.com

Targets

- Target
  
  P.O-48452689535945.exe
- Size
  
  521KB
- MD5
  
  579c372392d600a9ef621ae4c1f7341a
- SHA1
  
  e4fb160d99727aa5ffee784c9a5f52f6581704ee
- SHA256
  
  f564f410274ccf48d4513984d1da95edefa874a555f5e7d95fae7f9cc1f46b6b
- SHA512
  
  1c744f5d9b4bb04e0ed84bc66ad6a4970e2ff18da28a4c2b9910683821c6fe43ad585e22c56fbb26e1c0db547c7e58d432ffb9c1186da81b47c7f13e7335755f
- SSDEEP
  
  6144:0uq2lrmbYS9j7tCiyEKAm63z9EZgVY+RQbwesfqFi/mpZ5bjf9VAZUUryjzbi:0WCbYQjoiuM3J0CyFzxVAZnreXi
Score

10^/10

xloader h3qo discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderh3qodiscoveryloaderrat

behavioral2

xloaderh3qodiscoveryloaderrat