xloader | 86d41e7be9aed92953873e3ac6e2dcd9a624a8a8677409c7cfeb9a5b5f58b499 | Triage

Sharing

General

Target

7ca9a0d88ba188e86459dec2787d2a62_JaffaCakes118
Size

226KB
Sample

240731-q5vgpswfkn
MD5

7ca9a0d88ba188e86459dec2787d2a62
SHA1

2a2fa39e00a34bba02df935f500174684a26e189
SHA256

86d41e7be9aed92953873e3ac6e2dcd9a624a8a8677409c7cfeb9a5b5f58b499
SHA512

e110b98d1feb4942a3bb42231b8dc8218d55f355db65c8b1ae66928cb246bf9e9545e36c0c5b96bf8e8e51d4d326376a1a0c324e12dd6365801c149818f07602
SSDEEP

6144:OnHtJqpGKzfk32FU+WxTWAxDz9eAfsSebT96h:At0fk3W6iU38AvS6h

Score

10^/10

xloader u0uf discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u0uf

Decoy

majin.land

guidedcommercialloans.com

hehualong.net

bblbrakes.net

chasingcreativitymovie.com

apozob.com

vegetshop.com

dronebezorgd.com

firicel.com

eqo9.com

smartmovehub.com

eidvault.com

vistagalaxy.com

turfplace.com

tawnybrodie.com

wwwmcafeec.com

coaching-suisse.com

gardnerbrew.com

best20sitestosellclothes.com

travelbia.com

Targets

- Target
  
  7ca9a0d88ba188e86459dec2787d2a62_JaffaCakes118
- Size
  
  226KB
- MD5
  
  7ca9a0d88ba188e86459dec2787d2a62
- SHA1
  
  2a2fa39e00a34bba02df935f500174684a26e189
- SHA256
  
  86d41e7be9aed92953873e3ac6e2dcd9a624a8a8677409c7cfeb9a5b5f58b499
- SHA512
  
  e110b98d1feb4942a3bb42231b8dc8218d55f355db65c8b1ae66928cb246bf9e9545e36c0c5b96bf8e8e51d4d326376a1a0c324e12dd6365801c149818f07602
- SSDEEP
  
  6144:OnHtJqpGKzfk32FU+WxTWAxDz9eAfsSebT96h:At0fk3W6iU38AvS6h
Score

10^/10

xloader u0uf discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderu0ufdiscoveryloaderrat

behavioral2

xloaderu0ufdiscoveryloaderrat