xloader | eef7bfbe59617838031db137e1c71c315dd465500fcebca0aef1d252422b4b7a | Triage

Submit
Reports

Overview

overview

Static

static

3

f0740682e5...18.exe

windows7-x64

f0740682e5...18.exe

windows10-2004-x64

Sharing

General

Target

f0740682e5d4fcd5ed0e2e6006aed5cf_JaffaCakes118
Size

344KB
Sample

240415-gg4wssgb43
MD5

f0740682e5d4fcd5ed0e2e6006aed5cf
SHA1

17f5c837862bc0243f55de664f91a8a195ca3a34
SHA256

eef7bfbe59617838031db137e1c71c315dd465500fcebca0aef1d252422b4b7a
SHA512

e54ef90f665832bcaa863b021b0f3192acc5d1b42e4afbfbb208cb5a4385c0ad21955cbbe169f6188959d3456a8d20197010f5916c80a1fc1a315a702207b40d
SSDEEP

6144:or1otBTW/urWZ6klh35QjEC74CYxsUIsDPiLPPB9Kp8kOI7iBe:m6BTW/u9C5AEtIsDKxW0Im

Score

10^/10

xloader zgrat u3r5 loader persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f0740682e5d4fcd5ed0e2e6006aed5cf_JaffaCakes118.exe

Resource

win7-20240221-en

xloader zgrat u3r5 loader persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0740682e5d4fcd5ed0e2e6006aed5cf_JaffaCakes118.exe

Resource

win10v2004-20240412-en

xloader zgrat u3r5 loader persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u3r5

Decoy

alashan.ltd

demopagephequan.online

garxznql.icu

unetart.com

dajiangzhibo15.com

influencer.fund

beverlyhills.city

strefafryzur.net

giftboxhawaii.com

ecotiare.com

homeandgardenradioshow.com

sageandsandco.com

laflesoley.com

icipatanegra.online

autovistoriapredial.net

xn--polenezkypark-pmb.com

cbdamic.com

aaronandmarissa.com

datasoma.digital

theclosetology.com

seemajindal.com

smartphone-digital.com

mldarby.com

ljhlwyy.com

racevc.com

aritailor.com

neuromemebook.com

zpnfoslqyshplulrkycalmor.com

123movie.review

enisis.info

thecalligraphyguide.com

confirmcarousel.life

djaystransport.com

joyful888.com

realmarketingtools.com

greensstrings.com

rhinohealthnews.club

daonedu.net

everythingfinesse.com

vitalgiant.com

youhodlwr.com

originalownersonline.com

testci20200827122104.com

japanmatrix.xyz

bodybrush-shower.com

careinnovationsummit.com

thefreakypeach.com

houstoncupcakes.com

medisola.xyz

taconicsearchmarketing.com

parcclematis-newlaunch.com

zhongshengzhenzhi.com

txdv-scmcz.xyz

buy-colorado.com

membership.site

amirbakhtiar.com

healthonours.com

tanja-wittk1975.com

gemaylola.com

inpursuitofmyfirstlove.com

advantagebusiness-solutions.com

modernlegacyacademy.com

psuscience.com

wakumo.store

cumhuriyetcidemokratpartisi.kim

Targets

- Target
  
  f0740682e5d4fcd5ed0e2e6006aed5cf_JaffaCakes118
- Size
  
  344KB
- MD5
  
  f0740682e5d4fcd5ed0e2e6006aed5cf
- SHA1
  
  17f5c837862bc0243f55de664f91a8a195ca3a34
- SHA256
  
  eef7bfbe59617838031db137e1c71c315dd465500fcebca0aef1d252422b4b7a
- SHA512
  
  e54ef90f665832bcaa863b021b0f3192acc5d1b42e4afbfbb208cb5a4385c0ad21955cbbe169f6188959d3456a8d20197010f5916c80a1fc1a315a702207b40d
- SSDEEP
  
  6144:or1otBTW/urWZ6klh35QjEC74CYxsUIsDPiLPPB9Kp8kOI7iBe:m6BTW/u9C5AEtIsDKxW0Im
Score

10^/10

xloader zgrat u3r5 loader persistence rat
- Detect ZGRat V1
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xloaderzgratu3r5loaderpersistencerat

behavioral2

xloaderzgratu3r5loaderpersistencerat

© 2018-2024

Terms | Privacy