xloader | 5131b99eca49a0694073f43f58543781fd6adecc63a0cd643a50686b4d3e001a | Triage

Sharing

General

Target

4b32fb4d21ff7225187b42d4c9722dce_JaffaCakes118
Size

1.1MB
Sample

241016-dwwl7azeph
MD5

4b32fb4d21ff7225187b42d4c9722dce
SHA1

331e10b03dc5cf994d3985aea2570f08e2707560
SHA256

5131b99eca49a0694073f43f58543781fd6adecc63a0cd643a50686b4d3e001a
SHA512

d4031c8069d11d78007f215471a982d12ab6059b973477961943dc33d2bf3d0547c95776ebc4b514130964ea9c5e77d2e1b855515c0dea7edf3498e501e2531d
SSDEEP

12288:2Gy2V8gP2iNdmth0+QHU6fm5LJHdkhjn+IZjxwRyCVWHz3T/J4GLIh+wT4P:b1yh0+CcFdyjSkCVm/Jql0

Score

10^/10

xloader w56m discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

w56m

Decoy

damai.zone

mywishbookweb.cloud

sandilakeclothing.bid

joysell.net

hackedwhores.com

sjdibang.com

memaquiahiga.com

bleeckerbobs.net

emmettthomas.com

thesheetz.com

mimik33.info

prettyprettybartending.com

3173596.com

shwangjia.com

sightuiop.com

tinnitusnow.online

mahadevexporters.com

cleaninglanarkshire.com

ibiaozhi.net

upinfame.com

Targets

- Target
  
  4b32fb4d21ff7225187b42d4c9722dce_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  4b32fb4d21ff7225187b42d4c9722dce
- SHA1
  
  331e10b03dc5cf994d3985aea2570f08e2707560
- SHA256
  
  5131b99eca49a0694073f43f58543781fd6adecc63a0cd643a50686b4d3e001a
- SHA512
  
  d4031c8069d11d78007f215471a982d12ab6059b973477961943dc33d2bf3d0547c95776ebc4b514130964ea9c5e77d2e1b855515c0dea7edf3498e501e2531d
- SSDEEP
  
  12288:2Gy2V8gP2iNdmth0+QHU6fm5LJHdkhjn+IZjxwRyCVWHz3T/J4GLIh+wT4P:b1yh0+CcFdyjSkCVm/Jql0
Score

10^/10

xloader w56m discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderw56mdiscoveryloaderrat

behavioral2

xloaderw56mdiscoveryloaderrat