xloader | 7280419b73c5bd75551013c2abe327e15f90cb0f5d4de854bfa7bef5f8f92ad6 | Triage

Sharing

General

Target

0f3ad8b37553c60914e62e1c274e8e26_JaffaCakes118
Size

1.0MB
Sample

241003-r7l4sathpb
MD5

0f3ad8b37553c60914e62e1c274e8e26
SHA1

7954ccb7edaa00714f3f791ba48983bdc8048037
SHA256

7280419b73c5bd75551013c2abe327e15f90cb0f5d4de854bfa7bef5f8f92ad6
SHA512

6a09faeca7bacac60a120e44715300a726a39cb4707bfd14d68cfbd1cc5877407c90a083b94471e90dc203ec6bd3ec2527a1d760b3b937c8f78e79fc14ffad75
SSDEEP

12288:gwumX/w2iNgSFRSCSabatHlWlF2yJyENKus3oYf2xo/mn:vw1WSDDGyJygKusZgoO

Score

10^/10

xloader nvq4 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nvq4

Decoy

emorytxinsurance.com

bastansonatarih.com

ysainasen.com

hillbilliesunite.net

lshuinai.com

consultpapers.com

digontorekha.com

diaobi.net

moonlightclayco.com

sh-junshen.com

maksavit.site

ushasoftbd.com

vienesacarnicos.com

milkonphone.com

lifeinthelineofduty.com

blackamericanoutlaw.com

wonkrushop.com

elearnium.com

scottbruce.info

anantaonline.com

Targets

- Target
  
  0f3ad8b37553c60914e62e1c274e8e26_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  0f3ad8b37553c60914e62e1c274e8e26
- SHA1
  
  7954ccb7edaa00714f3f791ba48983bdc8048037
- SHA256
  
  7280419b73c5bd75551013c2abe327e15f90cb0f5d4de854bfa7bef5f8f92ad6
- SHA512
  
  6a09faeca7bacac60a120e44715300a726a39cb4707bfd14d68cfbd1cc5877407c90a083b94471e90dc203ec6bd3ec2527a1d760b3b937c8f78e79fc14ffad75
- SSDEEP
  
  12288:gwumX/w2iNgSFRSCSabatHlWlF2yJyENKus3oYf2xo/mn:vw1WSDDGyJygKusZgoO
Score

10^/10

xloader nvq4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadernvq4discoveryloaderrat

behavioral2

xloadernvq4discoveryloaderrat