xloader | e3440c29a362f7c2b7b7caa133b7fa016dac9af7fb6e2a4a4978845ec0ba5da9 | Triage

Sharing

General

Target

e3440c29a362f7c2b7b7caa133b7fa016dac9af7fb6e2a4a4978845ec0ba5da9
Size

600KB
Sample

241121-yvst5a1jfn
MD5

3cd1729dc36b4a975f313b4ef76d035a
SHA1

d61b8633542738ceb069123c2870cced090bf8fd
SHA256

e3440c29a362f7c2b7b7caa133b7fa016dac9af7fb6e2a4a4978845ec0ba5da9
SHA512

b10f7488bee661edadcc55f9576403f7ac168fa2f2c9e078164e3959658f5559c40f9706f784a9b45b9315bc418136184c3bb45168b838f0cd7a0724511caa04
SSDEEP

12288:hJAsoxakZDBan1oFsvabS/pb4QTR3Hk3nms5tGK54Lo/:hJAs/u1uCu5bNqmsaKqo/

Score

10^/10

xloader gm9w discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

gm9w

Decoy

steffiemor.com

qe2rvstorage.com

louisteak.com

top-dex2.com

fafeiya.com

saffure.com

1upshopandstuff.com

wemove66.com

deckswap.info

joinjifu.com

joboval.com

stilldeliciousvegan.com

intercunt.com

espaciosterapeutas.com

doglai.com

situationslayer.com

adbreaks.net

cdjy666.com

ap70mm.com

gwh525.xyz

Targets

- Target
  
  5823174ff78f251ac5b1b8cd1e1727aaa72f8523aa1aace4b59c9ef549d22148
- Size
  
  878KB
- MD5
  
  7f6bc5f41f5190704ebfac8d666306ee
- SHA1
  
  1ae3d6d99ee0462619799dfc722f0bfed442b231
- SHA256
  
  5823174ff78f251ac5b1b8cd1e1727aaa72f8523aa1aace4b59c9ef549d22148
- SHA512
  
  14c175023c2e961cca96a08b620099dee9d0ce41575bf3a52971f32e5c1bf88fdc362513bee2b165467f1ccf9c44ff31dcd9f50ba72625c53587eb799fa40697
- SSDEEP
  
  12288:SvcsGI/c4fvh8VtkwODi42tTvwRPdywkYyzXlI8n3dYt2EObbZ:SjHgODjmzVXywtYt
Score

10^/10

xloader gm9w discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadergm9wdiscoveryloaderrat

behavioral2

xloadergm9wdiscoveryloaderrat