xloader | 8eb265c22ebf853f8c0bcad65f2e5eaaef5db267e164981f5508bcfa37bb1530 | Triage

Sharing

General

Target

fc2a2f793361ac2fee26e488f24e46f2_JaffaCakes118
Size

1.2MB
Sample

240928-m5ymksscql
MD5

fc2a2f793361ac2fee26e488f24e46f2
SHA1

7e6feb4b86c76f402165bdefd18b03a635badae0
SHA256

8eb265c22ebf853f8c0bcad65f2e5eaaef5db267e164981f5508bcfa37bb1530
SHA512

d9340563b41556e6aaf15b7e1acd8c618bc03f0a1ffeeba36eb314ced8674ca7c8e35d9f49bf87555ee0d2862e7b79695ca3a8adb3e95fd9848df6afd3baf975
SSDEEP

12288:H5cYv2tasGHW/NqrFnHqgpztNwN/wgHQHewItAVjmRg2W9fvEwsJ:HvutasoWFEHjzIwoQ+w9Ycf9sJ

Score

10^/10

xloader d8ak discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

d8ak

Decoy

bossmatter.com

intanmandirilestari.com

goldsgymclermont.com

nythraa.com

xbfcyy.com

precitaparktownhome.com

medicalmarijuanamississippi.net

mademoisellepierre.com

duantui.run

freebay.info

gabimslogistics.com

planethomrlending.com

thesockboutique.net

freiundgeist.com

nouvellechina.com

hkamlcc.com

heti-lainaa.com

forehead-effort.com

productsim.com

dualexpressions.com

Targets

- Target
  
  Invoice#00086770.exe
- Size
  
  681KB
- MD5
  
  9959299149ec0cc5d9c380a308f69f31
- SHA1
  
  2b98e45b2dd60c8e3f154e80f10b2bcc07bfca90
- SHA256
  
  b9e50b873e6ca85c0ebcd953a403425a5c7da2e57ffe47723e21cccf8cebde06
- SHA512
  
  60fd97abd4fa62686266cecb9832ba50118671dce411dfcda9dc7b6db516eb0405a0783739fe1e9e920feb90e51f73b0bd6a9cc9decb75288edab0923b87ada1
- SSDEEP
  
  12288:w5cYv2tasGHW/NqrFnHqgpztNwN/wgHQHewItAVjmRg2W9fvEwsJ:wvutasoWFEHjzIwoQ+w9Ycf9sJ
Score

10^/10

xloader d8ak discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderd8akdiscoveryloaderrat

behavioral2

xloaderd8akdiscoveryloaderrat