xloader | 90a2b0df57f56beda8cd5e84ce30297875d045eb45b8b2df8aabdcd1f1031797 | Triage

Sharing

General

Target

90a2b0df57f56beda8cd5e84ce30297875d045eb45b8b2df8aabdcd1f1031797
Size

341KB
Sample

241121-y1bg2a1lgj
MD5

41040a6b65a0794b5f2bd59819d4e9a6
SHA1

15ffeab6421d06f082242bebc2fd63a723a74876
SHA256

90a2b0df57f56beda8cd5e84ce30297875d045eb45b8b2df8aabdcd1f1031797
SHA512

29b581e78baaa2ac71d62b05c9c200104963b26cd3842eedd15ea94009b3147ac266ba6dddd944fce7231ba25e061f408c18d9abf4e9e1e67369e3b898963a24
SSDEEP

6144:KOK+oIOIJVsn2R0VfQZlFkqG343LWjpgUqz7nnLZ9h3qmhX5Pz:/K+oCJVsnfG6QApA7nt3dhpPz

Score

10^/10

xloader r0bh discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r0bh

Decoy

karo-tasty.com

canlioyuncuyuz.online

app-demo.xyz

fountainspringscapemay.com

completefuid.com

sideroyalpalacehotel.website

tollesonhouses.com

zjef.top

fuckingmom89.xyz

toituresante.com

arabatas.com

trans-mall.com

davidruperezdorao.com

cspro-lb.com

xiluoxtmcwj.com

medicinaoralbarcelona.com

rayganesh.com

bakosaoje.xyz

8nst.com

nigeriasecurityexpo.com

Targets

- Target
  
  [RFQ] QuotationOrder (SCS).exe
- Size
  
  377KB
- MD5
  
  505762e94913065a29e28a960c01eff7
- SHA1
  
  b61de11b6773224f850e1b8841a983337e5c98ac
- SHA256
  
  be900d129c61d09bf730b02647b272a606bc49e204be55d286ccb892edb961ce
- SHA512
  
  4a0a62a5cdfd72baf6ec61114d5ef2ecc2e5d6579b7ee3d96452a7a556433d3eefa07aa93ca455e2a097273bcb47ec6838ee4fb3ce0e9eec98b6b999bd16ecf1
- SSDEEP
  
  6144:9AuZUs9+QjcGioLPv0eXj2EN9hUeEvNcihGIDXT1WP1buDu53:9Hv9/YoQeVueEvNcih9PYuDut
Score

10^/10

xloader r0bh discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderr0bhdiscoveryloaderrat

behavioral2

xloaderr0bhdiscoveryloaderrat