xloader | 3bd049cc0b0186159866586cf45e897f4ca6f2bd724dd244ebbc54e2a99f2b22 | Triage

Sharing

General

Target

fa968be3b49afa38c035d0e36b7385ae_JaffaCakes118
Size

293KB
Sample

240927-r13sysxclj
MD5

fa968be3b49afa38c035d0e36b7385ae
SHA1

4cf4bfe12ff786c603dde9da81ab10f53810c663
SHA256

3bd049cc0b0186159866586cf45e897f4ca6f2bd724dd244ebbc54e2a99f2b22
SHA512

faf7a1414055f27cc9449d7a8962a395ce6b9e056db58214ecc7d6692a5f2240a39b2bd939ad32bbffacc5e4f0826609fac4c55b8e8493c9d7915477f91ac02b
SSDEEP

6144:4lCyfS9s4YFC6DaN16/BgSHquv53PgOGUG7/ikG4gPHdEtTKa3Gu:EHfEs4YFC5u7xPxG7WjPytTKQGu

Score

10^/10

xloader c8eo agilenet discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c8eo

Decoy

itsmebecka.com

rinsoku.com

fltcrewcrashpads.com

boostmobiledish.com

contex3.info

beckyhartpcpublishers.com

melsafiltre.net

pyfcw2.com

arctisticwelding.com

rcwrx.com

firesidepoll.net

newpowerconcept.com

makerspharma.com

instantlyfinanciallyfree.com

gourmetgarbage.com

pedegobrewster.com

dysjschool.com

sobue-sc.com

up2drop.com

ejkls.xyz

Targets

- Target
  
  Shipping Document PL&BL Draft.exe
- Size
  
  556KB
- MD5
  
  b2238c351ed41a67f444ea0c119d957d
- SHA1
  
  30f944d175c5075240d84662a5b0b3f7ddfbd85f
- SHA256
  
  f46c3e1152437fbff901cad6cf094298b5e1578a15d204993d715a936e7f501c
- SHA512
  
  ad67d394f57adc6ec625be5c2f1a678b7a4a247346ea1d7f2e4558bbe23d2c7fff65d1429cc85429661532a45ad90670732149f968ed657629974e7c75b3df1a
- SSDEEP
  
  12288:FLDMAzjN4YEAFJmOZ76FpC1PTewf//dC:5UOlopoKw3
Score

10^/10

xloader c8eo agilenet discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Deletes itself
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderc8eoagilenetdiscoveryloaderrat

behavioral2

xloaderc8eoagilenetdiscoveryloaderrat