xloader | bf7c38d3b5d4ef19a6e80113d538e63e830eb39f073f3859352155c257ed0f8b | Triage

Sharing

General

Target

bf7c38d3b5d4ef19a6e80113d538e63e830eb39f073f3859352155c257ed0f8b
Size

902KB
Sample

241121-yptjgawldz
MD5

4262b06ac9e8550d5860c0a4de6a927c
SHA1

96821eabd09a902f61fcfaba3fa945b44fb312fc
SHA256

bf7c38d3b5d4ef19a6e80113d538e63e830eb39f073f3859352155c257ed0f8b
SHA512

dc0a716775efa8b8f1b1ed8158a471f5c5355cf06f79aaa6bb793a07e16e7bb999fdec6280f5e9d4bae59cad410488b7fbcdffca66ff76303bbe3244bef0cd9c
SSDEEP

24576:8DssywghivZV9DqrrFPBBVy1TqBW8dn3at+kq1C8:E/ywghiVAFPZh3atjX8

Score

10^/10

xloader hw6d discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

hw6d

Decoy

medicare101now.com

danahillathletics.com

realjobexpert.com

boulderhalle-hamburg.com

idoweddinghair.com

awdcompanies.com

thevillaflora.com

neutrasystems.com

allwest-originals.com

designtehengsg.com

thenewyorker.computer

ladybugtubs.com

silina-beauty24.com

mifangtu.com

fashionbranddeveloper.com

istanbulhookah.com

askyoyo.com

osaka-computer.net

conegenie.com

agteless.com

Targets

- Target
  
  Bridge_E12_4546786,pdf.exe
- Size
  
  993KB
- MD5
  
  f9e5c9b101838927e7980b6f4892820c
- SHA1
  
  091c3fdf81cb7bc59d338723d9938f5506944e5a
- SHA256
  
  a8664e0023a7f34579fff0976b8f7d63805fbd6ef14eeebd2d0bbdf3e16e785c
- SHA512
  
  0f8e845c64fc2e1ada39745b80215c8203ae214b4aa29daa42c945813bddbec40a42ae296727d6718d8af22e8285b7bc81d4a99f74f51c2b6429c9d7b3536cae
- SSDEEP
  
  24576:ueaakkaedlGmntd9xRXhYjICRRRRRjXtAmA5ZSE:ueaakkaed0a1xRCDRRRRRjdAmA/
Score

10^/10

xloader hw6d discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderhw6ddiscoveryloaderrat

behavioral2

xloaderhw6ddiscoveryloaderrat