xloader | 694117b21c4400edfe53b8d129cc2cdbd3cfbacb64aea3d2149dd43deb69b6b1 | Triage

Sharing

General

Target

ff397e1e4722dba8ae3c8242380f7062_JaffaCakes118
Size

569KB
Sample

240929-ylhb2axfjq
MD5

ff397e1e4722dba8ae3c8242380f7062
SHA1

7a818469c2e889c030f59685aa6b424245f3c2ad
SHA256

694117b21c4400edfe53b8d129cc2cdbd3cfbacb64aea3d2149dd43deb69b6b1
SHA512

9da58f585342f29e9d336f4a4b59f5c6f4d53651e27563c551fe9973e350d2586b7ff28ebd94fd8161b8ab8f40d165d22e4a6b9f57c0626ecf48c57521b0e340
SSDEEP

12288:aSZNW1cv0iiJS5cFsFSHli/cTSFep+dqF/nLdu8kbB7+lIoCWNc7:aKdrb5EsIHUFe7nxKNSlva7

Score

10^/10

xloader bu2n discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bu2n

Decoy

vacuummates.com

orderladolcevita.com

sumopub.net

adamerico.com

royalesalon.com

deardealta.com

bostonm.info

eugenfischer.net

xn--ah-ska.com

mahirgyan.com

termogenicodicas.com

safaacn.com

honeystreetdigital.com

taylorscontruction.com

incontrol-co.com

smtp0769.com

distinguishedcavalry.life

inthehillsinc.com

concordarabuluculuk.xyz

persommwine.com

Targets

- Target
  
  RFQ_2345.exe
- Size
  
  789KB
- MD5
  
  3b5d2404cde0045707b58adc2eada0bc
- SHA1
  
  8b6885cc398d14d264c35064da5f5c7a1563b6b5
- SHA256
  
  3cd1e0124a1fd0d922c432d01e909479692e7133dc1b33b739e7b9701b03444d
- SHA512
  
  b6bf4dfd354de57ffdf697dbfe97e24a3ed08ad8d1ffe7297415a994e803aef0aed9ce6afa74e823ce4517edfa816d22f95460e1f085d587f3ebcf1c4d94ca10
- SSDEEP
  
  12288:fwBQSnZl+lZbAy/TYTXSNwRzli/cTSxep+dqQSnL/u8kbW7+lIBkcLxElV6iQQR1:fw18bHTcXSedUxeXnzKCSlmkmxEbP
Score

10^/10

xloader bu2n discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderbu2ndiscoveryloaderrat

behavioral2

xloaderbu2ndiscoveryloaderrat