xloader | 52aaa20eef4d75bb209ef1d632a3e5a894358ebbd5ae9e18262868209fa30b7c | Triage

Sharing

General

Target

ea33022709c503df639489d609127c21_JaffaCakes118
Size

837KB
Sample

240409-rtzgyscg8y
MD5

ea33022709c503df639489d609127c21
SHA1

accd2282ec0d04f190d2cd9c6e89394379cb7e7d
SHA256

52aaa20eef4d75bb209ef1d632a3e5a894358ebbd5ae9e18262868209fa30b7c
SHA512

520c38e7cd4fa209146961b2ecffe70d8a54227dbe84a8c33a0bb4ae947d5cac22a68ae58f69b37ef75e4b852833e710b6069beade5562272642a1231b3858c4
SSDEEP

12288:CleaXJ+qopzb8WE3vOuq6wiIOFGkFOKicf35Qg6L2/ZsjSmxjnV:7k+GWEGuqykkFvd35Qgf/ZsumV

Score

10^/10

xloader b6cu loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b6cu

Decoy

votreconseilfinancier.com

wholesaleplay.com

komfy.store

hsyunfan.com

tournamenttips.com

yourbusine.xyz

wrg-referrals.com

harmless-oily.com

whizdomtowealth.com

xusmods.com

cleanerstoday.com

finopscert.com

paerexpress.com

kankb.com

res-o.info

balonpantolon.com

freedownloadbiz.info

jeffegriffin.com

gobahis119.com

ourcalvinsarm.com

Targets

- Target
  
  ea33022709c503df639489d609127c21_JaffaCakes118
- Size
  
  837KB
- MD5
  
  ea33022709c503df639489d609127c21
- SHA1
  
  accd2282ec0d04f190d2cd9c6e89394379cb7e7d
- SHA256
  
  52aaa20eef4d75bb209ef1d632a3e5a894358ebbd5ae9e18262868209fa30b7c
- SHA512
  
  520c38e7cd4fa209146961b2ecffe70d8a54227dbe84a8c33a0bb4ae947d5cac22a68ae58f69b37ef75e4b852833e710b6069beade5562272642a1231b3858c4
- SSDEEP
  
  12288:CleaXJ+qopzb8WE3vOuq6wiIOFGkFOKicf35Qg6L2/ZsjSmxjnV:7k+GWEGuqykkFvd35Qgf/ZsumV
Score

10^/10

xloader b6cu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderb6culoaderrat

behavioral2

xloaderb6culoaderrat