xloader | c355f8737bf92c3a48fcc9f15a2efff3fc92b267a8dd3776d120e08d2d372046 | Triage

Sharing

General

Target

c355f8737bf92c3a48fcc9f15a2efff3fc92b267a8dd3776d120e08d2d372046
Size

475KB
Sample

241121-yl7xpazpdp
MD5

8b5f00fd40af4b563610719b65ea7486
SHA1

e777ded4a071bc89ca98bfa4f7ed692fe76ede97
SHA256

c355f8737bf92c3a48fcc9f15a2efff3fc92b267a8dd3776d120e08d2d372046
SHA512

abd5834451d924c6485eee5a3ee12b58191929f140d6c25767b3e9f589b07bd64e1f1ea565b4b020bdede3044b395fa7e59aff7ab64edc8fb1a7fdca0c859a9d
SSDEEP

12288:tozOa9Xc/udQzU5Nrc+9SCsOpmG+Lr8VV+486da63XP:C9t3IcVhigw63/

Score

10^/10

xloader g3ws discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

g3ws

Decoy

lashandragrey.com

rickster.tech

mfengnews.com

ignatovi.com

munjashoong.com

oplexxburn.com

freaner.agency

finetaxmultiservice.com

sydneyelectroservices.com

puma-factoryoutlet.com

kakaomobility-recruit.com

tombitz.com

kekenapeps.com

claudchat.com

hondenpaleis.com

hyswkimjisoo.xyz

ralphlaurenoutlet.us

cargonodeseado.xyz

virtualassistantsteam.com

mamaduduprints.com

Targets

- Target
  
  cZAFQY1ivxT14o0.bin
- Size
  
  526KB
- MD5
  
  fdfcce551589979a297b003bed5ac9e1
- SHA1
  
  9d209f5f1b696ed695a28aea018f7179d7a795d2
- SHA256
  
  06cc2d206afed5e79426d726b19ca9ae4dda8f5ed252bea54204aed24433831b
- SHA512
  
  4f85b4f8c7095c20c209c9104a81cea33b220e712851acb6b051af251f411be1b9c1540f50029c02257cbbaf1d6f31d3dff2b32dfe3965a73e0aa2b2453539d1
- SSDEEP
  
  12288:j6jZXuX2ev4+tCCjypGYgOB96vdnLM30ZExHiDVErV9nNTPX:j69+lvhbhYNI5M30ZRVM9
Score

10^/10

xloader g3ws discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderg3wsdiscoveryloaderrat

behavioral2

xloaderg3wsdiscoveryloaderrat