xloader | 2f925841ba429e187973b3078d7fdc94d3c21b8b2876827e5b16a87a659e2738 | Triage

Sharing

General

Target

2f925841ba429e187973b3078d7fdc94d3c21b8b2876827e5b16a87a659e2738
Size

710KB
Sample

241121-2eb38asrcl
MD5

7c17240060df00fa1e42737e84789fcb
SHA1

bf30deab62ecfe2294018e9ecb7aaf2be14fa2ce
SHA256

2f925841ba429e187973b3078d7fdc94d3c21b8b2876827e5b16a87a659e2738
SHA512

7832ab6543281d2b5cad7c2ebc6ecb0d3c78399876760d3994b39db35f1ba8a8c6f05437320c9d024d05c09e00f53388ac0ce9812a5671b118707dfcb92786e9
SSDEEP

12288:QNenMGCtAEPHnR5qQQHSW86NfWg9Vx02FJN4Scu1Iz6qfSJ58zMI+QtsiF1Cg5hH:QNenRyAsHRfD6NOg9VxvJ4G1Iz36Jez/

Score

10^/10

xloader p89m discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p89m

Decoy

wrapapplausechutney.xyz

covidmobiletestingmd.com

convey.gifts

b148tlrfee9evtvorgm5947.com

zmlhtjfls.com

mctrumpthyism.com

lilaixi.store

interstatehardwarenj.com

horakokode.com

42wilsonavenue.com

muskanphysio.com

absoluteuniquecrafts.store

donategame.online

greenlinkengineering.net

pinchanzosloyalty.com

companyintel.network

resumewriterguru.com

oakalleyatcimarron.com

sriyawealthplan.com

mpcollection.online

Targets

- Target
  
  4sMcGGeBVCjd9IZ.exe
- Size
  
  766KB
- MD5
  
  a66b604ab210053291aa9c3a4434d5b9
- SHA1
  
  6841f037bc909103da8a43857dd05f91ca95cfd3
- SHA256
  
  7112b5fbfabba6a257da8523a6a1a982272941e48e072d8f8b7de372561dca48
- SHA512
  
  d95498915818517431e7523f3a10ebb9c4ea35857b7a247d576985195cbefc41c60034d78a1406bec804d5bf1183decfcbebaec67932e05123802cd9671368f3
- SSDEEP
  
  12288:QmK1ELtN5TE0ZQKLWy4JjbIoWiblbPgQ3WwiUKxwCA2aabp77DsjTIzgyf5A3FsE:DTESCBLxDgLZxi2aaF77Dswgyf5A3FsE
Score

10^/10

xloader p89m discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderp89mdiscoveryloaderrat

behavioral2

xloaderp89mdiscoveryloaderrat