xloader | dd26890c428fbd34566c4d8e7f77dfd4fc8a7fbadc90c051e643f41b8776519d | Triage

Sharing

General

Target

dd26890c428fbd34566c4d8e7f77dfd4fc8a7fbadc90c051e643f41b8776519d
Size

647KB
Sample

241121-ypme6azqdm
MD5

2351079060f2204c0e50472948f2ce93
SHA1

18cbca5af2d9503d6fe8407e8ecf2037959fe8f2
SHA256

dd26890c428fbd34566c4d8e7f77dfd4fc8a7fbadc90c051e643f41b8776519d
SHA512

f26b2821347855ebc5436195c5e41e8131c36df2e195a83e3dba15243b986ca3fd6915e23b3eecb43c8f9577a514af5236e26ac4b08b4128b68f36032f5b6c7d
SSDEEP

12288:GlpLDdK/kUCKv4ZSY6GnWI3Lt0yhWq2gaNQ/ZvunS9RIWnMI+TeWzi:GzDMjc/3J0ysamS9Jn3Tai

Score

10^/10

xloader x8be discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

x8be

Decoy

happybms.com

noemibuchi.com

rubyonthegodesigns.com

geylaniiskele.com

forsaerp.com

fexatech.com

jiggymaxxdesigns.com

ravexim3.com

dandeliondips.com

championzclub.com

jimmeh-art.com

convection-furacious.com

waknerd.com

ivcmath.com

stilebios.com

svetlanakobaliya.com

soldhomeforfullprice.com

lowebeholdtwelvefold.com

tracigo.com

crowdstorage.net

Targets

- Target
  
  577827e2f48011f122d58835338951e8fcef29ab3f17d11062008dd78ab3a6cb
- Size
  
  773KB
- MD5
  
  03de471c92b69d97ceec18cf3c4b5745
- SHA1
  
  4e9dc0753d89f8a40f8e2c7734f6389851bec7f6
- SHA256
  
  577827e2f48011f122d58835338951e8fcef29ab3f17d11062008dd78ab3a6cb
- SHA512
  
  f66f3044c31e0834511dbf04df95835dce8d5562989ec3939c75c9b625af05b8cdbe71f11147a18e72ceec5f8916edd044f91e0c57b06cdf77287f9a7d153dc2
- SSDEEP
  
  12288:3zvu+M1iheIgKP429mBbX5TyadWOkhff0rUyOnHl2KzhV+ZtkrbhxM9JbrWBFw2J:e2MldWLhff0aF2AH+cM99riN//
Score

10^/10

xloader x8be discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderx8bediscoveryloaderrat

behavioral2

xloaderx8bediscoveryloaderrat