xloader | dc2c24764665917d9279c138b65c03adb3bf1e2f662157c2e95fdd323f08ad1b | Triage

Sharing

General

Target

dc2c24764665917d9279c138b65c03adb3bf1e2f662157c2e95fdd323f08ad1b
Size

659KB
Sample

241121-yve82a1jej
MD5

d4f7b1d1ae45658a39a39e5981c56280
SHA1

8ad9b69ae9b2aad5d716881be5ced24aaba31c6b
SHA256

dc2c24764665917d9279c138b65c03adb3bf1e2f662157c2e95fdd323f08ad1b
SHA512

d9b2087f30f35cbd0e406a15890395c7469ad3650726e54e1d8b84335e89994e89cdb260d3d1804e8c0cd2dcc9091bdf7b2445ba621b26704a204419bd526a9d
SSDEEP

12288:4hV+zbzhlb0JlfXdDJnY2IYuhqHcGbY0zPUBQSsg5tOKRSADmfVY8vMYnfMW/w:4hV+bMlfX9i37RGvzk9sgDOKfR8vMofM

Score

10^/10

xloader earz discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

earz

Decoy

halacoupon.com

anthos-labs.com

hagertylabs.net

l1992.com

856379580.xyz

rcbb-technologies.com

realhoggapparel.com

sauceprince.com

tootingcab.com

4chase5.com

ordergogibibimbap.com

nyj.xyz

dermixspa.com

premiergiftingco.com

razorcentric.com

mbrealtyadvisors.com

officialjazz.club

cctv006.com

hbcuatthepolls.info

prestamos-ya.com

Targets

- Target
  
  DHL INV _AWB.bin
- Size
  
  942KB
- MD5
  
  123657146d91536f96286717786d45a4
- SHA1
  
  601ad65123b6417d4b5368974247e5fe4c808d2b
- SHA256
  
  4a82f9fe9128707c38e60ee4feea398d4edfcca38d066ed3670b5858d8685a05
- SHA512
  
  4adaa3bd089bd5d449b00438f58fa7b30ccb3cf81731498645f44b40b387d534c68e2aab66a2c587a71e5df84578a6c5dafc7de34bd375528d1a387899b6cb9e
- SSDEEP
  
  24576:GwOuJARseTMqhJqJIP4wkyKwWhmdraLqs:xPARsSZhJqy4pl4N
Score

10^/10

xloader earz discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderearzdiscoveryloaderrat

behavioral2

xloaderearzdiscoveryloaderrat