xloader | bb26c1f246ced83ef1ff97d4f005a7448c4c6fd85f24805eb53a69285eba7019 | Triage

Sharing

General

Target

bb26c1f246ced83ef1ff97d4f005a7448c4c6fd85f24805eb53a69285eba7019
Size

1.3MB
Sample

241121-yqj2eszqgq
MD5

a6ca1a05ac31bb18caf5c962cb837371
SHA1

abde00ab582ce5aa38098b8299ac40d79e8c7b84
SHA256

bb26c1f246ced83ef1ff97d4f005a7448c4c6fd85f24805eb53a69285eba7019
SHA512

06276b532d830b9ba1a88fc9898cb5c9c146d32f577ae157ae3eb72c9c2291d09b9e6b4d0c6f5e18ccbc27b53934bdab57a6667224c1a61b15aab64a3eac2930
SSDEEP

12288:+etA1TrromUStJaIYZULyQHFoeqYsTFop4Cd1k4ONdL38arAbNjsyaUVKnp:BIHL72DNTUvkHb0zahp

Score

10^/10

xloader f4ut discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

f4ut

Decoy

studiokventura.com

rmnslashes.com

oklahomapropertybuyersllc.com

pmfce.net

yingkuncy.com

theailearning.com

artistic1cleaning.com

shqinyue.com

dentaldunya.com

karatuhotel.com

renttoownhomephoenix.com

0087wt.com

hotelsearchkwnet.com

dentavangart.com

98700l.com

seattleproducecompany.com

magicparadigm.com

cunix88.com

vr646.com

calmonleiloes.com

Targets

- Target
  
  PAYMENT.exe
- Size
  
  753KB
- MD5
  
  dceac041ccf4756470e11a7cf926f060
- SHA1
  
  3f887b2125c55ddb0b4dcfe4b49b9bf7f0271510
- SHA256
  
  1def824855543f8011e65445f549f01648856e222215078ebc99281415bc1268
- SHA512
  
  06ecd9b19fc3b1a7fdb6a621b9219407c3512330ccb0c405157373b64675ffa4c6d9e2ebacf2440b3ae6c6bceec24b0331d645961b1fb846d246486d42d14b7b
- SSDEEP
  
  12288:cetA1TrromUStJaIYZULyQHFoeqYsTFop4Cd1k4ONdL38arAbNjsyaUVKnp:7IHL72DNTUvkHb0zahp
Score

10^/10

xloader f4ut discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderf4utdiscoveryloaderrat

behavioral2

xloaderf4utdiscoveryloaderrat