xloader | a704e23e94a60b587af2ecb134b1c6e8d46501a4b0e7a5ab5fdb4f726be37baf | Triage

Sharing

General

Target

b6369e7ea17516536af86280becd0691_JaffaCakes118
Size

297KB
Sample

241202-ca921stjhx
MD5

b6369e7ea17516536af86280becd0691
SHA1

b7d1b10e09979408f62fedc9028bc9b456597d04
SHA256

a704e23e94a60b587af2ecb134b1c6e8d46501a4b0e7a5ab5fdb4f726be37baf
SHA512

3153b0a0d5d718a9203814e68b037a6da44c16343421b9dd245a49d88eb754d79291f88558b8de770d3e82cd331993b3f73db2be1187363943fab8c28eee364f
SSDEEP

6144:eLA2shjRWXUS+Bf3KatK9P2Va20SFfva0lzp0KDsmvFmPG62ryY4v3:B7j/3KafVaqFfva0lzpJOPP2eYg

Score

10^/10

xloader snaa discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

snaa

Decoy

ivetau.com

jupstudios.com

myvintagespecs.com

nineliveslabs.xyz

linahaljarad.com

itbling.com

bqmmw.com

danmgg.com

savalanxe.com

gasolinestation.info

blankedu.com

virginiacannabislawyer.com

jochichicago.com

herbwarts.com

bigcitygigs.com

gheeduvine.com

underwoodway.net

philosophia-perennis.club

milanodesk.com

myrandr.com

Targets

- Target
  
  PURCHASE_ORDER_00987_PDF.exe
- Size
  
  430KB
- MD5
  
  ac6706073f054030b05b71bdf23afc11
- SHA1
  
  dd90b7dea8bf16002b7bcef6f358b4eaefac62a6
- SHA256
  
  70e7c5966ac86d48e0519f9b2b34703d2915b603836f4de0be2a2badddd258e7
- SHA512
  
  dd86dfa395eb5930d7ba1f41f0d95d659b04b619c8b40e4903c3c04f9f6b09d160fd7da4c86a1cca8d9eca6a55cd5cb86c200967fd2d9ec68cb13475a0f463da
- SSDEEP
  
  12288:f12LO9X78MZ57vZ7NmeeKjVrqZiEOiewVrIdtBm8fO6:f12Lm7FEee6FsiuewQtg8fO6
Score

10^/10

xloader snaa discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadersnaadiscoveryloaderrat

behavioral2

xloadersnaadiscoveryloaderrat