xloader | f3fad3097ec1947d00b36ef871933e2f3f2816927036a41c44c051db63c4e421 | Triage

Sharing

General

Target

f3fad3097ec1947d00b36ef871933e2f3f2816927036a41c44c051db63c4e421.exe
Size

627KB
Sample

241123-cnqkja1pdk
MD5

8f797bd931586231c0a6352ce1f6d7dd
SHA1

eaedddceabf7ea565b953e86d3416ea6cfa1066d
SHA256

f3fad3097ec1947d00b36ef871933e2f3f2816927036a41c44c051db63c4e421
SHA512

67699bf4584d3362d86daa0f80aafd5d0426acea0f037e48b4684316dc6873166ff9b054c0bace832fe865c1f7a5bc34694e6b7284dbdf2226e7fb979e4b5ba2
SSDEEP

12288:gTBxGPLZfGTRm1TlxBWitODCR9j5l4wZbnQdQLbU8Xg4T9guZl3G:gTDGFf6ylWiIGj5l4mbQd18Zg9

Score

10^/10

xloader s86j discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s86j

Decoy

getlumichargeserver.com

act-vitaalcoach.store

craftgeekz.com

monetflowerfarm.com

morakotislandrealty.com

onlineastrologeruk.com

evvpsml.com

hnbtc.net

auxiliacapitalpartnersllc.com

rdwoodworksstore.com

shulwinfitness.com

arterialhealthgrids.com

cryptork.biz

solomini-tech.com

porttownsendapartments.com

poprumor.com

assetsauctioneer.com

electronics2anyone.com

upskillpme.online

247fooddelivery.com

Targets

- Target
  
  f3fad3097ec1947d00b36ef871933e2f3f2816927036a41c44c051db63c4e421.exe
- Size
  
  627KB
- MD5
  
  8f797bd931586231c0a6352ce1f6d7dd
- SHA1
  
  eaedddceabf7ea565b953e86d3416ea6cfa1066d
- SHA256
  
  f3fad3097ec1947d00b36ef871933e2f3f2816927036a41c44c051db63c4e421
- SHA512
  
  67699bf4584d3362d86daa0f80aafd5d0426acea0f037e48b4684316dc6873166ff9b054c0bace832fe865c1f7a5bc34694e6b7284dbdf2226e7fb979e4b5ba2
- SSDEEP
  
  12288:gTBxGPLZfGTRm1TlxBWitODCR9j5l4wZbnQdQLbU8Xg4T9guZl3G:gTDGFf6ylWiIGj5l4mbQd18Zg9
Score

10^/10

xloader s86j discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaders86jdiscoveryloaderrat

behavioral2

xloaders86jdiscoveryloaderrat