xloader | 7cd23817d642ca753b4f4083ed08953f8928d66013d3bb3c197259daf881c888 | Triage

Sharing

General

Target

7cd23817d642ca753b4f4083ed08953f8928d66013d3bb3c197259daf881c888
Size

564KB
Sample

241121-y7kdhsxjes
MD5

0c8b25e7b5608a1f7e14b44828a43b7b
SHA1

0761ac769eb687c508beaf0b14b8135005e7bedd
SHA256

7cd23817d642ca753b4f4083ed08953f8928d66013d3bb3c197259daf881c888
SHA512

10477082f39048e106fdc556d3db1d2010e5917ce55ed624a47f669fb80832ac58a7771bbdb9a5a9f70ee0f2ea81e3d71546614655fe41b02036602008b78375
SSDEEP

12288:egpyvEcUc7ZRTeJBGXOJg7lRUbWAGXXegY8DCqnE5QP/IUmG:eoIEg7ZEGXcg7liWveknZgG

Score

10^/10

xloader rnn4 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rnn4

Decoy

saruroman.com

backendfurnitureconsulting.com

invitadito.com

aqemelearning.com

unitedphonerepair.com

xn--l6qt3dk7equidt4a.net

us-pride-day.com

refund.homes

gilanfarrconstruction.com

856380691.xyz

aerolabqhd.com

collective36.com

binhminhxanh.club

droogskateboards.com

thinkbest11.com

realisticallywritten.com

elderlyjustification.com

betteraff.net

freeworkpays.com

callistatease.com

Targets

- Target
  
  Enquiry#List For Urgent Order070521.exe
- Size
  
  1.3MB
- MD5
  
  b65d348c6c626693fda8657edb8edd5a
- SHA1
  
  a080850656a7eb65b6a21a8d23d8a5df9cf5df78
- SHA256
  
  c6e9c8aafd1bcd3b7772547cb5fe8c52b57a7486b93172163478fb0974725ac9
- SHA512
  
  db85fb23836b5caeb9abf6a56f3ac336a1423394708e188f5e991c7119ff2a44c16451f476d882bc927fe4b8397fee28e83ee69f368441036189094321a437b9
- SSDEEP
  
  12288:OSbd6NsB+OaDaDaOIrDBQtKY3YZ/ZHRjrJjCNFhVN1UayaE:O+6NJOaDaDa7l7Y3YZ3jrQFtuayaE
Score

10^/10

xloader rnn4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderrnn4discoveryloaderrat

behavioral2

xloaderrnn4discoveryloaderrat