xloader | 5e74a8deacb5b18b78d3c7f9425210d696ad1b4f43e34b6f61d1f9e89ff0a9f7 | Triage

Sharing

General

Target

5e74a8deacb5b18b78d3c7f9425210d696ad1b4f43e34b6f61d1f9e89ff0a9f7
Size

1.0MB
Sample

241121-ylaxyswkcz
MD5

22ab9566498374f56f9c7d6ae12c8d7c
SHA1

afb6b4cd95aea9fe038885f8fa0c2131dc8a033c
SHA256

5e74a8deacb5b18b78d3c7f9425210d696ad1b4f43e34b6f61d1f9e89ff0a9f7
SHA512

d8bb66d72016b04d7980f951f4955ee61dac15273d8050869231b679cd27a7eb68ddecad222188c2dd166c3e2defcd6ab503d60d8aa2069da4b54d2625626246
SSDEEP

12288:S23QgPjcoqQMW//hV/9SNLSd1qu/+P9t6+1b7SzIKUcjKK6xhCCsr0IVFofA4qei:/3VLxpBtyo+V57Si4rnVF876gGCdo

Score

10^/10

xloader rbg8 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

rbg8

Decoy

youschrutedit.com

ashvarapps.com

lover4fun.com

xn--hvsa952mrp8a.com

gentryrewards.com

musfly.info

greatexpectationssouthshore.com

thebluecreators.com

chargementale.com

construirsanidade.com

asiannics.icu

cacchaweb.xyz

retailfully.com

mktdigitalplus.com

ohiohemorrhoidcenter.com

tzbwgc.com

representmasks.com

integratedpsychedelics.net

okrvsale.com

cashflowplatformblueprint.com

Targets

- Target
  
  PO_006614.doc.bin
- Size
  
  1.3MB
- MD5
  
  07e55585280a090c5be065456bd3eaed
- SHA1
  
  142c3b752b1791b6d8eb7b8fb78f36773a51d808
- SHA256
  
  428e45ab1e675cd53981edd68a9d7989a78b267e069a8ce64415c5788c012212
- SHA512
  
  b9a8cde0da7a47f7242bf26f45a54820520b2469534caff639313a05a837ff16bdea1d206765a622c10cf5dc740c3be5107dd4bc2b6d1bd6f17aba007f90de87
- SSDEEP
  
  24576:RIjY+bAaMd3REebAaMd33zBNxFUVpkmkFFogHBa8+Gefg/kz:O5AaMVRE2AaMV3zBCLAFoOBa8+Gefg
Score

10^/10

xloader rbg8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderrbg8discoveryloaderrat

behavioral2

xloaderrbg8discoveryloaderrat