xloader | d560c4f1909db396a285c2d98d08939a5a7912301e283711e7ac5d0085e0e6e0 | Triage

Sharing

General

Target

d560c4f1909db396a285c2d98d08939a5a7912301e283711e7ac5d0085e0e6e0
Size

713KB
Sample

241121-ylcrjswkds
MD5

f68baa450a9e89e00965a2a7363309bc
SHA1

adc9b1dbbbbd493bad74a38f2d58c5477c335871
SHA256

d560c4f1909db396a285c2d98d08939a5a7912301e283711e7ac5d0085e0e6e0
SHA512

4f1b1ee563a18b0fa7f30d1dbbbaca2ded5b74129221f26e304e5173c61fa6d1ac6089932288bf71d9454e26df2511d2cd93e96d0c7b6e8e6a203229fd537e40
SSDEEP

12288:bgBNtbAkn90t4sDcxeXPWJV2HnaYnSW+bnEC+UQ+vsxMPodXJxGKyYvt+GfuyUch:baNtkkn90tZusPXnTSlL+VosxMMXqK5X

Score

10^/10

xloader m8ns discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

m8ns

Decoy

williegreensorganicfarm.com

bayoutacklecompany.com

shannonwritesblog.com

joygreat.net

bwin.sucks

sbn-kr.com

shoptucuda.com

happyshoppingzone.com

zhengtiankj.com

life-doula.com

huber-it.tech

goddessprotal.com

anchorportablestorage.com

newcoracle.com

lovelexboutique.com

lowcosttruckinginsurance.com

knets.info

infiniteclanofficial.com

gunny100.com

motorsportsequipment.com

Targets

- Target
  
  Order.bin
- Size
  
  921KB
- MD5
  
  8a905323d959d7e727314c13d16814be
- SHA1
  
  4e6b591e34b901e87f03f722b2a1ebdf2716bc41
- SHA256
  
  0624c126123b489ae118f43fff0624fefb724eb3ab4399769e5fa695707fd318
- SHA512
  
  826251e2ad94095e860874452be326ce23d64fb3fdabd0b6c4260c3fdf8032c2588c3aab0034121a175afbd9c88fdafe9c3678f5ec456c8ac5974204372b56cd
- SSDEEP
  
  12288:Amxo9vZaGwNh5B7spJYmDY7tWJcOYZhHK7zWzKbojReF:Lxo9xav5BSJYmDYJMc/ZsoKboM
Score

10^/10

xloader m8ns discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderm8nsdiscoveryloaderrat

behavioral2

xloaderm8nsdiscoveryloaderrat