xloader | 70d9343a08019985237ed2346bdbfd513958c2ee603826a16f5402150e105016 | Triage

Sharing

General

Target

70d9343a08019985237ed2346bdbfd513958c2ee603826a16f5402150e105016
Size

686KB
Sample

241121-zby3gaxlbv
MD5

a085d13de5ade43522aeb82d6ae1d060
SHA1

80976553d59a7a4bc545232a7f052aa68eca96d3
SHA256

70d9343a08019985237ed2346bdbfd513958c2ee603826a16f5402150e105016
SHA512

c087af8a070157c100e4b44791918ff9c151cdf470674eb783f489db3345d339a119e9f4e80d4e48b84517a0f2ab3a38e600da7b26038017de49cb5653d64323
SSDEEP

12288:KlyvTYVFyhLxFzZtCJZca2d4iYY63S3d2rPkdVLITBgsSeyN1ubU:KOYjSPZtCELd4iQC3C8dVMsey

Score

10^/10

xloader 3edq discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

3edq

Decoy

qf212.com

cleanmoscow.com

shopkaitek.com

gehaflouine.com

saintlouisconsulting.com

kmeltonbeauty.com

kylaapp.com

ildstudyclub.com

fiat-mcmotors.today

daugoithaoduocphubac.com

associatesgmailonline.com

lsbtjx.com

almasgreat.com

francedeliverydhl.xyz

racevx.xyz

izaeristesi.com

tubacexgroups.com

envioslamacha.com

webtpon.com

rlnursinghomecare.com

Targets

- Target
  
  Enquiry.exe
- Size
  
  813KB
- MD5
  
  bb97d34fddf332ca03f69c16dc1b3ddf
- SHA1
  
  1c5c320dea0b4113c29e159fc69f71e483134cdb
- SHA256
  
  f2d382ad3eba8f9911837369359508a3cca7d3757de74b1284e4d530937b6f28
- SHA512
  
  b7733170085db549336c9d579921f2751319e7176767d0b1529c983cdb0eea8e0a6a902807f3ff9f3fdffc465d28f451fa0402e0da248c12d7fc642ad5341d2c
- SSDEEP
  
  12288:dBOXamCTLMQrkTuLLvGLN/vzgtK72rDmVLzkmZ22YZLoPZ4SI9VCZ6vO+2:dBO6TLM22UKGsWmVLz/2jLoxyB2
Score

10^/10

xloader 3edq discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloader3edqdiscoveryloaderrat

behavioral2

xloader3edqdiscoveryloaderrat