xloader | f3272e7d0612d36b532d6a99a15fea8fb9c453188847a12b69d539719c0c8c16 | Triage

Sharing

General

Target

ef1d8e37a5a4444647750ba386f63653_JaffaCakes118
Size

776KB
Sample

240412-excfdaef84
MD5

ef1d8e37a5a4444647750ba386f63653
SHA1

246446d7a2fe7c8946b3e001c176f01616efd724
SHA256

f3272e7d0612d36b532d6a99a15fea8fb9c453188847a12b69d539719c0c8c16
SHA512

1b6f17298f99b9e60cbbe435efca347658b6bbd8a1bfe7c65af3a209675a3dc909e0e0eb264c244e74f1ca2d5dcb0e0277d47cc2c66e1cdbbc7ecf72faf66c54
SSDEEP

12288:iIVbU2A+XVxfa7zU2ai6D3h0kaHHMzg8/W9tMyDi0+/Frrs+3ZDJZyH:ZXvFxYai6DbanROa4pDJZyH

Score

10^/10

xloader b8eu agilenet loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b8eu

Decoy

ppslide.com

savorysinsation.com

camilaediego2021.com

rstrunk.net

xianshikanxiyang.club

1borefruit.com

ay-danil.club

xamangxcoax.club

waltonunderwood.com

laurabissell.com

laurawmorrow.com

albamauto.net

usamlb.com

theoyays.com

freeitproject.com

jijiservice.com

ukcarpetclean.com

wc399.com

xn--pskrtmebeton-dlbc.online

exclusivemerchantsolutions.com

Targets

- Target
  
  ef1d8e37a5a4444647750ba386f63653_JaffaCakes118
- Size
  
  776KB
- MD5
  
  ef1d8e37a5a4444647750ba386f63653
- SHA1
  
  246446d7a2fe7c8946b3e001c176f01616efd724
- SHA256
  
  f3272e7d0612d36b532d6a99a15fea8fb9c453188847a12b69d539719c0c8c16
- SHA512
  
  1b6f17298f99b9e60cbbe435efca347658b6bbd8a1bfe7c65af3a209675a3dc909e0e0eb264c244e74f1ca2d5dcb0e0277d47cc2c66e1cdbbc7ecf72faf66c54
- SSDEEP
  
  12288:iIVbU2A+XVxfa7zU2ai6D3h0kaHHMzg8/W9tMyDi0+/Frrs+3ZDJZyH:ZXvFxYai6DbanROa4pDJZyH
Score

10^/10

xloader b8eu agilenet loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xloaderb8euagilenetloaderrat