xloader | 85b20b341d86b43b4da52abf6a661f16ff07cf2f3b8701689fedcc3e036bd1a4 | Triage

Sharing

General

Target

f8096c1b1e3cc83ecdcc58539d6b643e_JaffaCakes118
Size

498KB
Sample

240926-k5ehlaydnl
MD5

f8096c1b1e3cc83ecdcc58539d6b643e
SHA1

64ef2b5a72a1cce92fdf5f546fe8943ca1f6d365
SHA256

85b20b341d86b43b4da52abf6a661f16ff07cf2f3b8701689fedcc3e036bd1a4
SHA512

852c224be6cc7a85f4c5427cb607337ccf1f7a35806e68e1969e942b4679720475d21f79da4715cf1a9d40d4acc039dee88724f4f0aa967ac69aac465062e8b1
SSDEEP

12288:uoebB2KGrAPC0NrqX+zFBbE5A70lwJM75ANl1:ObB2cC0Nr8G8A7wt75AN/

Score

10^/10

xloader u86g discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u86g

Decoy

4tnoxrox.com

ff130.com

grapevinecrisiscare.com

system91.com

blondedocfabprivacypolicy.com

amphorabeverageservices.com

cvacity.info

cbghemppills.com

iowaconcertofhope.com

theilerablog.com

bg1133.com

jenniferkristinphotography.com

wnj.xyz

khdoctor.com

mittelstandsgestaltung.com

mimikis.info

my-data.pro

nativesonlabs.com

thelincmagazine.com

dsfrederick.com

Targets

- Target
  
  MAERSK Shipping Information_Pdf.exe
- Size
  
  570KB
- MD5
  
  457b46b043654c58320fcde48282b9f6
- SHA1
  
  74d83159033ac73479c21b8b0194fe92fd3e49dd
- SHA256
  
  201436245bc7a5ccba11660b260ae4361b26b2e4a301491c4f2b319f8eeb9122
- SHA512
  
  92b68cd4188b2e5f357a37e9c16d1dbc0f95b238127c7ce5d08f47add2e864a6b7892181bc20fffedf43f6fde23261a7e05c864314720f58c20e81c77811784e
- SSDEEP
  
  12288:Nvln7HTM17QPFy4XEcHcMcZmf2SIMt+/gO40m2i9rwgLXWHCM2K4C:nUCxUacrZ1/gOLC9rl13C
Score

10^/10

xloader u86g discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderu86gdiscoveryloaderrat

behavioral2

xloaderu86gdiscoveryloaderrat