xloader | f8b00e8449765e88fefee1290e71e1c1b63973fa7989a297dcc3f348826b7ab9 | Triage

Sharing

General

Target

f8b00e8449765e88fefee1290e71e1c1b63973fa7989a297dcc3f348826b7ab9
Size

700KB
Sample

241121-y3t26a1mfn
MD5

71febac94d283b177ef2fca0f5127192
SHA1

32bdd5976809eed5bf0a1b60112442c38f1b168c
SHA256

f8b00e8449765e88fefee1290e71e1c1b63973fa7989a297dcc3f348826b7ab9
SHA512

7a6c89f34eb013635cea6c9e6d9b5d69908b5f43c6bd8ecb363384669aacdb3e0ff93c5a449b8aee0fa0d840a379866f84d31e19aedb75ae77c3702f29333916
SSDEEP

12288:T1WXjkf4sQjkwpG4vanXFF/jePrZuQn0hkcTIJwHhAQj5iKdDCn:qsCGu8F/aPrl0hkcT/HhAQEKdK

Score

10^/10

xloader ge32 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ge32

Decoy

purduegreeks.com

votehaddockformayor.com

sdacademy.net

boston-ninpo.com

algaeagora.com

myntlaccount.online

xn--eckwa3d3b3a2j.xyz

iytvdt.com

ibrnbw.com

outnoble.online

atmosferas.net

sathapornstainlesssteel.com

pantaneirajeans.online

classyeventsco.com

classyhousemarket.com

onlinemarketingvancouver.com

multi-familycompany.com

dirttinc.com

frilance.club

cpw883.com

Targets

- Target
  
  BG V.085(07)-REVISED DRAFT BL.exe
- Size
  
  773KB
- MD5
  
  b3ee3a00329eb1a0e1ef3cd71f952747
- SHA1
  
  2d5eff3955d2ded49ede5b526c9bd0e2a1afcf19
- SHA256
  
  b95718e6a008dc7f10900054853e7347c62f38463edcd17c9527c2d491ee7721
- SHA512
  
  35e11cb2ca02c0a2f20fde84c59afd67ec6993462316c4d54212a2f1a52dcf1109e1a1d166c71fded3bfb63c3adf521f1b93c9fcb7cea658826bcda26bf56313
- SSDEEP
  
  12288:7HGfIuwOEVGkSj5kG9oIZOFVsE9oINa6cy5IjTJWjUoOxQUzfiU16MHsS1P/oDel:z5uwOe0P9oI0KW/NariABGGDMSuH6
Score

10^/10

xloader ge32 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderge32discoveryloaderrat

behavioral2

xloaderge32discoveryloaderrat