xloader | d3287fa834e176bdcc641f75e856ce158b022b0d77776f9fea37ef91b5c442ee | Triage

Sharing

General

Target

17a00e54d0b35ab036c2e762106fad08_JaffaCakes118
Size

542KB
Sample

241006-lz1z3ssdjc
MD5

17a00e54d0b35ab036c2e762106fad08
SHA1

4d29e8315b4b7e10373f5a2667165b10d1bbdd39
SHA256

d3287fa834e176bdcc641f75e856ce158b022b0d77776f9fea37ef91b5c442ee
SHA512

8886ddcb1ed598f6f561aba124daf2f6d5846c18f76568962a33cce4fc1063abcb01365f20ceb12398c91435d5d6b895451ef653d7a3f0213e05f6dc85bb3610
SSDEEP

6144:GZ7O/lGq3TYyDeBRNLg7gKKKvJ3k5K71XRcVSy8r2pRHKMqVPDfuPUllmlZ2ZMU:QjYTYyafmcKBvJ3uKxiVHFbHSpDmUll

Score

10^/10

xloader riho discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

riho

Decoy

surfcitydawg.com

pwuq9t.com

prefectfxtrader.com

369xy.com

bjhygj888.com

cabinetfuid.com

houstondynamics.net

bertiebots.com

taboohospitality.com

fearlessthread.com

loropiana-store.online

growthventuresinc.net

artairazur.xyz

tvframesdisply.com

flammifer.biz

gtnetpro.com

b3sportaintment.com

housing-staff.net

superdelicioso.com

14mpt.xyz

Targets

- Target
  
  17a00e54d0b35ab036c2e762106fad08_JaffaCakes118
- Size
  
  542KB
- MD5
  
  17a00e54d0b35ab036c2e762106fad08
- SHA1
  
  4d29e8315b4b7e10373f5a2667165b10d1bbdd39
- SHA256
  
  d3287fa834e176bdcc641f75e856ce158b022b0d77776f9fea37ef91b5c442ee
- SHA512
  
  8886ddcb1ed598f6f561aba124daf2f6d5846c18f76568962a33cce4fc1063abcb01365f20ceb12398c91435d5d6b895451ef653d7a3f0213e05f6dc85bb3610
- SSDEEP
  
  6144:GZ7O/lGq3TYyDeBRNLg7gKKKvJ3k5K71XRcVSy8r2pRHKMqVPDfuPUllmlZ2ZMU:QjYTYyafmcKBvJ3uKxiVHFbHSpDmUll
Score

10^/10

xloader riho discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderrihodiscoveryloaderrat

behavioral2

xloaderrihodiscoveryloaderrat