xloader | 42e51fd8e98e798a531cc967eed3becc3c315eb5b339dc1723317db53aafc5fd | Triage

Sharing

General

Target

42e51fd8e98e798a531cc967eed3becc3c315eb5b339dc1723317db53aafc5fd
Size

532KB
Sample

241121-ywnxka1kbp
MD5

23a04e91da18cf696c7bb332f951bd33
SHA1

48629cc940db6bc7f0d572e69728404428b5323b
SHA256

42e51fd8e98e798a531cc967eed3becc3c315eb5b339dc1723317db53aafc5fd
SHA512

3ed18fde90eaaef4549ca3212a083b7057595040954c066a9d3283d4d208ff103d665621376d78fdb52086786f70511f1fbbcc5a5d9ea7427425a7bb4361684a
SSDEEP

12288:o+GCQaOX1G6OiWj6J74zBAbhyThPzsRHU333wcW8wOvub1U/UwUwZhc7VJN:BbTOg8h4zBQeQRWvnBZhczN

Score

10^/10

xloader sgs8 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

sgs8

Decoy

epptexportools.com

theweddingofshadiandmike.com

588movie.com

deannahayko.com

smithkenney.com

mogurin-blog.com

heffner.host

nflflex.com

tshirtcustomdesign.com

livingwithinstinct.com

hanbangvu.com

5starsct.com

jystainlesscoil.com

lechazosdeliebana.com

northeastcampervans.com

halloweeneventsinmiami.com

wellnesswithshami.net

mklaboratories.com

oilepp.club

ravexim3.com

Targets

- Target
  
  quote.exe
- Size
  
  799KB
- MD5
  
  518c618f22b1b55ad13a3a2f83792bf4
- SHA1
  
  8d462ed03ff861ee56d1229f4b128dd429da5aa2
- SHA256
  
  26e9a6c6cd87bd362de79a9557f2b08aa030a80cb9a182e709cba046b9c8a98a
- SHA512
  
  84e01702aa1b54b1703fefb6b6634b29627b293e0f3a0207524fca3a4a2f10efa5b71aaebfb72337b31633aaa27d7a5024ce1a74a8426ba1f61547080836ca85
- SSDEEP
  
  12288:kJp5oqRasUrtUtIevx0fpTDCvTbmqaubHnz4BK0hq2ueuHVdleJ3Lfg+bc0iid6E:2Rvbt5Z0fpOugu42Z6N
Score

10^/10

xloader sgs8 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadersgs8discoveryloaderrat

behavioral2

xloadersgs8discoveryloaderrat