xloader | 8527448ad0abb36e21c59136ab49a0886ebbf2548d3277ed7823907d0517d374 | Triage

Sharing

General

Target

8527448ad0abb36e21c59136ab49a0886ebbf2548d3277ed7823907d0517d374
Size

781KB
Sample

241121-y8tzca1phj
MD5

734b0c17b31dbef1d482940d22e09071
SHA1

64f29d17fb7b511464a90d21cd06d2b7e219d1a7
SHA256

8527448ad0abb36e21c59136ab49a0886ebbf2548d3277ed7823907d0517d374
SHA512

db77d2ded4a718c5d336d9ad2a9a43649bd4667b2d62c177a6411d27bf1ca3fe9ff2b07fee985be8869451c6ba22dbccec7bd7eb77db045ff08eea3f5bcdfe36
SSDEEP

24576:bLPphlFcaL2AjjF07tTXsLGJGufaUjFP/t8Wkt38BK:v3caBjotrsruJpS7tv

Score

10^/10

xloader c8bs discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c8bs

Decoy

wdreparaciones.com

cateac.com

thenaturalattar.com

maebaelife.com

yh28r.com

ethiopiantravelguru.com

creative-artworks.net

palominomobilenotary.com

thelaundrymate.site

sgacraft.online

starbleach.com

nhansacvietnam.net

menab2b.net

xn--2osw87cr3a47lw2o.com

ztxwnqe.icu

zbzs02.com

vikkstarswazoneshowdown.com

beijingjin6.icu

sawingtechnologies.com

szzycb.com

Targets

- Target
  
  dc8cd94e547cd182eb96ea6d3af0b25bcf11827d6a0f8fcd4d340358e1f9bc77
- Size
  
  1.6MB
- MD5
  
  ba840e7358bb4e302e1fb21af1e3c77a
- SHA1
  
  6d3b9505425e00c404216b853ff6dcea40f286d0
- SHA256
  
  dc8cd94e547cd182eb96ea6d3af0b25bcf11827d6a0f8fcd4d340358e1f9bc77
- SHA512
  
  0e9b0ca9340d37aed1207cd4f1886584e61a8eee38aeb3c0f4c41d2dc7cf8c5b280d1abfb4086d23441e1a2a33baa80d47b782f2e2cb79026bbd5adeeb3c2c60
- SSDEEP
  
  24576:7Bvct+W5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+N:p6iecPBGj2IpqpFNQuiNB/e
Score

10^/10

xloader c8bs discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderc8bsdiscoveryloaderrat

behavioral2

xloaderc8bsdiscoveryloaderrat