xloader | 957ef243d645248c1c80c3b121f7290c950530d525c9a54a961be12e1c6dfdfc | Triage

Sharing

General

Target

957ef243d645248c1c80c3b121f7290c950530d525c9a54a961be12e1c6dfdfc
Size

372KB
Sample

241121-y9yc6axkdy
MD5

484f7dafd5dd5cfb402991a9c54a0b63
SHA1

b6588b55820e7bef09050eeacd769424cfee4afc
SHA256

957ef243d645248c1c80c3b121f7290c950530d525c9a54a961be12e1c6dfdfc
SHA512

8c5baad99cc8a2688b126742c574aa4c10bf3757f82a5e3b85e00a2ea5470148d0443aa281989c72e46797bcbe837dc02fce6ff113ff93ee27439098acef08b8
SSDEEP

6144:EZWAqIU52T63HMaVg4p1aTwCMKaGAKUOhOwxmvTrpxzfAMMYBLsoX2VKE4jfPn1v:qWAvCp1UMKaGNFh0rpBAM6oXtr1

Score

10^/10

xloader how6 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

how6

Decoy

wealthcabana.com

fourfortyfourcreations.com

cqqcsy.com

bhwzjd.com

niftyfashionrewards.com

andersongiftemporium.com

smarttradingcoin.com

ilarealty.com

sherrywine.net

fsecg.info

xoti.top

pirosconsulting.com

fundapie.com

bbgm4egda.xyz

legalfortmyers.com

improvizy.com

yxdyhs.com

lucky2balls.com

panelmall.com

davenportkartway.com

Targets

- Target
  
  TNT Documents.exe
- Size
  
  437KB
- MD5
  
  b645c00f43011c6c544de85252898b5a
- SHA1
  
  e56e43d323e9c6e65c5909b8961d81453fca53fa
- SHA256
  
  a23066484dc83fa51ab36d9dc530799662abf63c7a12ed9cc10acc272e0c14f6
- SHA512
  
  d9bde87b1d28b37db66a40bfa1a6e765a2dcbe2b23e6034fe1bacf56cbf9d38ccdecec3fcfdd50230d547f1334f038293129f000f42b8ec7f3b2bbaca53400d4
- SSDEEP
  
  6144:zqwpecjP4vnTNSqMkRwkfIHd/rCPxiPGs25jwtTGOuBdkE4jcZOit7k7YwifsF/0:jpAP8kw7/I7s2JHTBUpiovifshFG
Score

10^/10

xloader how6 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderhow6discoveryloaderrat

behavioral2

xloaderhow6discoveryloaderrat