xloader | 82ba148765ef811db68c3cbf69b5f46568a49c7f95005883a5d9a3edb3fd18eb | Triage

Sharing

General

Target

1cca3910af7cdf03cfb41cdf2ef7fafe_JaffaCakes118
Size

669KB
Sample

241007-lt6y5ssfnb
MD5

1cca3910af7cdf03cfb41cdf2ef7fafe
SHA1

1f48ee6db9425a3ad1a1e317067337db6e3cecd4
SHA256

82ba148765ef811db68c3cbf69b5f46568a49c7f95005883a5d9a3edb3fd18eb
SHA512

7bde608c61a3907031d173f0b8127232408cb4b3d84dcd256ef079611a06a54f4160e8fd6d23fcb2a3c5e45a08836ba54d6047c8fc8a6ff4463a3db00883f647
SSDEEP

12288:ayW/HK7zyrm+lkitcau0M38CUdE8msPO+R0bGsmKkLYOCJ+:7wltct0j328mmSbGslkLYOC0

Score

10^/10

xloader n8ba discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n8ba

Decoy

thefitflect.com

anytourist.com

blggz.xyz

ascope.club

obyeboss.com

braun-mathematik.online

mtsnurulislamsby.com

jwpropertiestn.com

animalds.com

cunerier.com

sillysocklife.com

shopliyonamaaghin.net

theredcymbalsco.com

lostbikeproject.com

ryggoqlmga.club

realestatetriggers.com

luvlauricephotography.com

cheesehome.cloud

5fashionfix.net

wata-6-rwem.net

Targets

- Target
  
  1cca3910af7cdf03cfb41cdf2ef7fafe_JaffaCakes118
- Size
  
  669KB
- MD5
  
  1cca3910af7cdf03cfb41cdf2ef7fafe
- SHA1
  
  1f48ee6db9425a3ad1a1e317067337db6e3cecd4
- SHA256
  
  82ba148765ef811db68c3cbf69b5f46568a49c7f95005883a5d9a3edb3fd18eb
- SHA512
  
  7bde608c61a3907031d173f0b8127232408cb4b3d84dcd256ef079611a06a54f4160e8fd6d23fcb2a3c5e45a08836ba54d6047c8fc8a6ff4463a3db00883f647
- SSDEEP
  
  12288:ayW/HK7zyrm+lkitcau0M38CUdE8msPO+R0bGsmKkLYOCJ+:7wltct0j328mmSbGslkLYOC0
Score

10^/10

xloader n8ba discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadern8badiscoveryloaderrat

behavioral2

xloadern8badiscoveryloaderrat