xloader | e745e8d743d8cff56ce219ba97498be5fca13726d5fc961207cee5f654217796 | Triage

Sharing

General

Target

e745e8d743d8cff56ce219ba97498be5fca13726d5fc961207cee5f654217796
Size

402KB
Sample

241121-yt61cswnat
MD5

0b5381341bc13e8eecb77ebd8d9c9962
SHA1

1a07384b43f16a3f8146f757c32bcce43f01657b
SHA256

e745e8d743d8cff56ce219ba97498be5fca13726d5fc961207cee5f654217796
SHA512

ea5adac1593709395901976bbe8a16d0d580810cfcf008385cf0284bc87bab3ff5599a8fba4035a33f8f84858c11a250b7af50b70b9ab7e5ec547ddcc5bb8ba6
SSDEEP

12288:DV7Rn6To/4LJ8KgAw2vqUpid5Q2WFlC0TOQRNF:7EDvk5Q2N057

Score

10^/10

xloader pba2 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pba2

Decoy

marshabenjamin.com

ipx-tv.com

1826bet.net

free-story-civilizatiom.com

projecteightstudio.com

blaxies3.com

knowyourpharmacy.com

daviddelavariservices.space

hawaiidreamevents.com

chickdeal.net

toko363.com

flextech.design

americanprimativeguitar.com

sourcesfloor.com

project6212.com

eggbeaterhub.xyz

homefittness.com

eigenguard.com

bridgessd.com

wordabbler.com

Targets

- Target
  
  SOA..bin
- Size
  
  659KB
- MD5
  
  e3e887b84c5ab0b13601b8ca590a0dea
- SHA1
  
  27f72392ae8906c20bb76c4a861bfaf2c831f1d2
- SHA256
  
  661c9517b7cbeba95cff9523e882193026187caf88ee9073656d475ada90a45e
- SHA512
  
  9c2316bc05486f01c1732eb363d71897d77f9c55caaef2030e094faf32b9d4b9b1a94e09acfe8b63f37435b693d68c08d3dbc5efc7a2da0c2c64deb760ee1875
- SSDEEP
  
  12288:/QYI9f+dWzCpO1IweNrFyvDlh4ahKzPmnpA7vP7r9r/+ppppppppppppppppppp/:/Q7fyoV+wKrkRhdDnp21q
Score

10^/10

xloader pba2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderpba2discoveryloaderrat

behavioral2

xloaderpba2discoveryloaderrat