xloader | 0a7a5f4a91ffb0759dd7e1fe9ddfe419c96e4d881060fc93968f92dd0b2aca8b | Triage

Sharing

General

Target

0a7a5f4a91ffb0759dd7e1fe9ddfe419c96e4d881060fc93968f92dd0b2aca8b
Size

465KB
Sample

241121-znkqlsskdm
MD5

e88073c9b288839176876172a2010487
SHA1

906408ad46e564b045063c4e1661379e7f46abd2
SHA256

0a7a5f4a91ffb0759dd7e1fe9ddfe419c96e4d881060fc93968f92dd0b2aca8b
SHA512

6f166babd95d45c94966af2da552d8ac6d7ce22dede1a6ea988b1ecfa6d1b1561e08b92518248a1c6b015b600b1aa31fe82c0ea638cea1660d823dc3d1f7b73c
SSDEEP

12288:Y3XQWfR2Wom3V8e6xgD/gNywO/j9xSzFMwfh8izxd0TlHE:YxFdl6qD/3wcOzjp8izxdolHE

Score

10^/10

xloader b6cu discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6cu

Decoy

sxdiyan.com

web0084.com

cpafirmspokane.com

la-bio-geo.com

chacrit.com

stuntfighting.com

rjsworkshop.com

themillennialsfinest.com

thefrontrealestate.com

chairmn.com

best1korea.com

gudssutu.icu

backupchip.net

shrikanthamimports.com

sportrecoverysleeve.com

healthy-shack.com

investperwear.com

intertradeperu.com

resonantonshop.com

greghugheslaw.com

Targets

- Target
  
  3fd3f37912e5aa23fceb3877d6ee43c8b102410d4fc90b147aab266972939b07
- Size
  
  695KB
- MD5
  
  7cd694db75c939ed51f668809c7d9f14
- SHA1
  
  cc26f30730167d1a746a20564d3568376c5b4afa
- SHA256
  
  3fd3f37912e5aa23fceb3877d6ee43c8b102410d4fc90b147aab266972939b07
- SHA512
  
  69e6f521a771f8bfb2c5989db52ec99f19adaf6bc721de6857a2d47660b37bd5f9b786c0b4bf78d4ac82322d26235c13fb444b6590ba6c85ef009758ddeb6fb4
- SSDEEP
  
  12288:Ik2utdK/JyxD8ovTikXA8t/9QFBHeh18U/k4DbF53e0IUFLlb6+QG8:IvIQkxDDvTikXAmQFB+L8Ow
Score

10^/10

xloader b6cu discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderb6cudiscoveryloaderrat

behavioral2

xloaderb6cudiscoveryloaderrat