xloader | a2067ce6f40be6dee1fa10c0155582a43e4b4d5b4bfe1fcf7f239332534b7109 | Triage

Sharing

General

Target

862838f5e798c19a2c222994789b5b73_JaffaCakes118
Size

418KB
Sample

240402-h7n4psbd29
MD5

862838f5e798c19a2c222994789b5b73
SHA1

7dce91828df96ad8a6dae4fa1415dbf6755cb143
SHA256

a2067ce6f40be6dee1fa10c0155582a43e4b4d5b4bfe1fcf7f239332534b7109
SHA512

06b9d77e854045c88bc9440f0e3680930687319c4e0ba9cdf1271614d66b6d732dfd354c27ea847374c7cffde2a786810240888a19431e1ebe9707c2cc3671c2
SSDEEP

6144:h+sLgo0hS223C6iRsSWF/gupkFifsX6ppQraXTeIi+P8tUQi/qvUa5m3KHosEkSI:JS5qNF39fsX6vBjeI4Ct9ao6TJuI

Score

10^/10

xloader naec loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

naec

Decoy

thugcephus.com

yelomasala.com

rowyprima.quest

besasin09.com

globerentalcar.com

super-dev-li.online

legendaparayoutube.com

sharj4030.online

freebiesandgiveaways.com

greenidge.bet

aligned.guide

limowatchshop.com

cqreb.com

justforlulu.xyz

sppn.info

mycaroutlet.store

lcrventures.com

ultimateapparelprints.online

katakorik.com

jfrecycling.com

Targets

- Target
  
  862838f5e798c19a2c222994789b5b73_JaffaCakes118
- Size
  
  418KB
- MD5
  
  862838f5e798c19a2c222994789b5b73
- SHA1
  
  7dce91828df96ad8a6dae4fa1415dbf6755cb143
- SHA256
  
  a2067ce6f40be6dee1fa10c0155582a43e4b4d5b4bfe1fcf7f239332534b7109
- SHA512
  
  06b9d77e854045c88bc9440f0e3680930687319c4e0ba9cdf1271614d66b6d732dfd354c27ea847374c7cffde2a786810240888a19431e1ebe9707c2cc3671c2
- SSDEEP
  
  6144:h+sLgo0hS223C6iRsSWF/gupkFifsX6ppQraXTeIi+P8tUQi/qvUa5m3KHosEkSI:JS5qNF39fsX6vBjeI4Ct9ao6TJuI
Score

10^/10

xloader naec loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadernaecloaderrat

behavioral2

xloadernaecloaderrat