xloader | 736b6c8e847f90191678faceecd47735af498ffa82b17ec68953ef756c7125bf | Triage

Sharing

General

Target

736b6c8e847f90191678faceecd47735af498ffa82b17ec68953ef756c7125bf
Size

221KB
Sample

241121-ytssqswmhv
MD5

7b1705ee84ef9ab8e569184159a568d8
SHA1

cbfbf0bb6f018deb6bd13ef42dc20c8bfda48e39
SHA256

736b6c8e847f90191678faceecd47735af498ffa82b17ec68953ef756c7125bf
SHA512

86f61a6ac45391eac3e7b40e5e44d303f22119004dba70b414c3a0533a6b011506c7d2e00e7fbf9fde7d2d09926de8689042e2da1526362ec523e91f76c5920d
SSDEEP

3072:vJfuQue8yYqhxDI/3nuQvCMTPyJl8I4cwHy2VStUczcaxwGJ6AulbfKVW2dWvHcu:R+exDenugDHyJzx36KVbd2FPSbXlq

Score

10^/10

xloader 0mq2 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

0mq2

Decoy

vascosamame.com

fibermyalgia.com

deleonform.com

beautybyallierio.com

kk266.info

offend-painful.com

physiotlc.com

steambackpacktrade.info

kwunitedtraining.com

carzincofmemphis.com

matthewandsarah2020.com

makeldrworks.com

reemaircon.com

thyyufg.com

belarusnarodovlastieart.com

allclear.host

taoshaonianhz.com

obluebeltlivewdbuy.com

quickinterchangeableguitars.com

imperattore.com

Targets

- Target
  
  Shipping Document DHL.bin
- Size
  
  258KB
- MD5
  
  a575dacd17ba7027ef582101baad9e74
- SHA1
  
  27ff5ebd55c906a9c2e834030b9e94de8bb7e755
- SHA256
  
  62d66df21fe7d278b6a58b45fcd4a05b6b51c47eaac1d0f5c7acd532748ca9be
- SHA512
  
  32ede983cb8dc866580ffb56dfd52915ff2a22c718547d036c2c08af77b586aacdc93ac30d37d4a789fa3c9bb6a1107d954f904316f9bdf194cc15864d8f07a6
- SSDEEP
  
  6144:bTqjF6i6soo8aj6eHe+9/em78sxyo9WFJshaIcZEUNWvTbDbiZQj:vMb9/eRs/lcxNWv7uZQj
Score

10^/10

xloader 0mq2 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloader0mq2discoveryloaderrat

behavioral2

behavioral3

behavioral4