xloader | fc144e7e5c01d580e1d4ab639b16df8379fcd82ee73c88b9fa0a605f8283e174 | Triage

Sharing

General

Target

706f2e7c6cafb3205cff3d498bb5a773_JaffaCakes118
Size

734KB
Sample

241023-xzp4cswara
MD5

706f2e7c6cafb3205cff3d498bb5a773
SHA1

4fe7c2674dbe9106d40c8ab611d5375203fb5fd2
SHA256

fc144e7e5c01d580e1d4ab639b16df8379fcd82ee73c88b9fa0a605f8283e174
SHA512

8ef8e1fb5a43e3a49428bed32336a1afe3440f16dd1971bf68c5086d1276bee0b6156a7e527fa0eebc6ca164784081771750df67817837d5c244ef6c239d73dd
SSDEEP

12288:whx0wWh6FKgqv1JC/GId8spXECbCsSyLQBp5oUF0HK7zNc8JCfMofvTTcFE2zI6t:x4dd8cbfzU1hFJMn8FjfEr5DDwCI1C4z

Score

10^/10

xloader nvq4 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nvq4

Decoy

emorytxinsurance.com

bastansonatarih.com

ysainasen.com

hillbilliesunite.net

lshuinai.com

consultpapers.com

digontorekha.com

diaobi.net

moonlightclayco.com

sh-junshen.com

maksavit.site

ushasoftbd.com

vienesacarnicos.com

milkonphone.com

lifeinthelineofduty.com

blackamericanoutlaw.com

wonkrushop.com

elearnium.com

scottbruce.info

anantaonline.com

Targets

- Target
  
  706f2e7c6cafb3205cff3d498bb5a773_JaffaCakes118
- Size
  
  734KB
- MD5
  
  706f2e7c6cafb3205cff3d498bb5a773
- SHA1
  
  4fe7c2674dbe9106d40c8ab611d5375203fb5fd2
- SHA256
  
  fc144e7e5c01d580e1d4ab639b16df8379fcd82ee73c88b9fa0a605f8283e174
- SHA512
  
  8ef8e1fb5a43e3a49428bed32336a1afe3440f16dd1971bf68c5086d1276bee0b6156a7e527fa0eebc6ca164784081771750df67817837d5c244ef6c239d73dd
- SSDEEP
  
  12288:whx0wWh6FKgqv1JC/GId8spXECbCsSyLQBp5oUF0HK7zNc8JCfMofvTTcFE2zI6t:x4dd8cbfzU1hFJMn8FjfEr5DDwCI1C4z
Score

10^/10

xloader nvq4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadernvq4discoveryloaderrat

behavioral2

xloadernvq4discoveryloaderrat