xloader | 7942dabd41df7897496ff6aa05fc22f6a94515fb09d473bd1b906fe2c0e4d9ab | Triage

Sharing

General

Target

7942dabd41df7897496ff6aa05fc22f6a94515fb09d473bd1b906fe2c0e4d9ab
Size

778KB
Sample

241121-zhacpaxmez
MD5

412c3695d13613e5800813cd0fb9e1d4
SHA1

4a53f46738a32cac8dc6e324b5403b142725d26f
SHA256

7942dabd41df7897496ff6aa05fc22f6a94515fb09d473bd1b906fe2c0e4d9ab
SHA512

155ee1d79b7ba86f30bc658fe735f327c3aa558719505bb053ffe387741bb6ca4ce316b8c74e30d1f7f1af2e3ee1975132ed1af1dce28005d5d862bf93d600f3
SSDEEP

24576:c7iODdn4gLurCbb6usLIbb09YJrvffJcBzlgU+fQepcc:S/Ddn4LrCTdPrBKzlgU+Rcc

Score

10^/10

xloader pz9b discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pz9b

Decoy

gochili.info

cyberdatadefence.com

payonbux.com

candiceswanepoelbrasil.com

mykaoa.com

tanabe-kanagu.com

dovetailgoodlife.xyz

alabasterautomotive.com

tajc.club

authwdqtsi6sojynof9gmazon.com

cookingguides.net

yah360.com

berriq.com

freetoreview.online

yachtsgoneonline.com

clothestokidsri.com

howtogetstartedwithfba.com

simplepartyplanning.com

sunrisekai.com

wealthfarmer.net

Targets

- Target
  
  Order.bin
- Size
  
  1.2MB
- MD5
  
  dd6ab6cd17a66d48c5f1b61d8231505d
- SHA1
  
  36e490c417ab95e4878b29944566815da1095bac
- SHA256
  
  3065b2805c8d1f2fa4039d335a17855c65572f9fff179ddc5a279dd4bb7f58f0
- SHA512
  
  e336a6af2f39b038c1c8025e6d2d1d02c6f533939a86096c38c4e293ecd6abdc4abbf595c58411077cb2c7b4100787208ce5cd35becb12655d65d68b169476ae
- SSDEEP
  
  24576:PjAvRjwswHArvKQiUYbPcAJRKHhD+apppQ:Po51LKQ9YbZRKHE
Score

10^/10

xloader pz9b discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderpz9bdiscoveryloaderrat

behavioral2

xloaderpz9bdiscoveryloaderrat