xloader | e58040ca544dd66359a8937addea0bc7749b3b724015b6b4b251216bdbe2ce58 | Triage

Sharing

General

Target

e58040ca544dd66359a8937addea0bc7749b3b724015b6b4b251216bdbe2ce58
Size

412KB
Sample

241121-zc4dksxlez
MD5

aa8ed697268965f6d1f484d83902f7bf
SHA1

e6655e5bf6a36ff49e0bdfa8221c689a1ad8be41
SHA256

e58040ca544dd66359a8937addea0bc7749b3b724015b6b4b251216bdbe2ce58
SHA512

24e9f8bace67a540d32a07e44bbfc1307a78c89fd8fa7a382179d64a9448a63ee76462cea6e936be65cee856e71c4b13fedb832b47e4c15d15bad463ddb10c2d
SSDEEP

6144:HeTHu6aeEO5wngTAkUut8+cteydu6L+z1Cso+zDAbKoIL3+FLWldUaUP:q95wgTNUl0I+z1C0scMLWNUP

Score

10^/10

xloader fo8q discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fo8q

Decoy

idesignbymadelinefl.com

finleygoods.com

hfxyyq.com

jjhh9656.com

superstarcoding.com

synergybridges.com

fantom.art

zebramovie.com

keephimmine.com

cmbego.com

shreegurudattaenterprises.com

appcoinsupport.services

roysecitystorage.com

gentlemensstories.com

hubinternationalinnovation.com

letscleartheairnow.com

strueyouneedto.space

schoolofsevens.com

cannaonline.net

slimmersite.com

Targets

- Target
  
  JSEX10210033.exe
- Size
  
  659KB
- MD5
  
  8ca280d8728f0b0e03ad27ec04024732
- SHA1
  
  defbb74a6049ee6fb6070e535bd58942c10d4d60
- SHA256
  
  5480270e0354df8f209301009f1ef6f1a1c39b800a7fb0c5d5d69c4a81441cc5
- SHA512
  
  dee1a463a664ff5b016f774bd72245f3e76b31d81aae033290c3dc6a62a6761330c800dd46ef3421b863370feebec6e8fc2aff56d766d378416ed50e4dda2437
- SSDEEP
  
  6144:h8/dDx5ItULlPpukQe9QDfgAxmNzWdjPCUaR6nt2Nr3Dyq4MAsTrw4Jh0k:6/ZDRJQea/azWdjK6KDyMAK1
Score

10^/10

xloader fo8q discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderfo8qdiscoveryloaderrat

behavioral2

xloaderfo8qdiscoveryloaderrat