xloader | ccad88cfcaf9a2b65b29af3fe6b85559efe3ffcf032ada3919cfa656eef60e54 | Triage

Sharing

General

Target

7419a11c48f0ed31dc35a63d44f61392_JaffaCakes118
Size

913KB
Sample

241024-rm1fnsyhqa
MD5

7419a11c48f0ed31dc35a63d44f61392
SHA1

be4a8c7b4bd5232bdc4021215dab6140376ca26a
SHA256

ccad88cfcaf9a2b65b29af3fe6b85559efe3ffcf032ada3919cfa656eef60e54
SHA512

8f2e443c8846660f769d8fe5712279b4a0c5267e99df1f195cc6b87508a7dc93177f6965303a7b529068eff22711ce557e3eec62ddb0557eaeda4c5b5f490b3c
SSDEEP

12288:w3LeA2Ei6hYnM2VBnQ1QB7g5r9B0hlskjES3bBzP5mWK1VU68YYi2tHK7zjzKbo0:2Lsyz+qQhgnWTdBzPUWQBp9zKbo0

Score

10^/10

xloader w56m discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

w56m

Decoy

damai.zone

mywishbookweb.cloud

sandilakeclothing.bid

joysell.net

hackedwhores.com

sjdibang.com

memaquiahiga.com

bleeckerbobs.net

emmettthomas.com

thesheetz.com

mimik33.info

prettyprettybartending.com

3173596.com

shwangjia.com

sightuiop.com

tinnitusnow.online

mahadevexporters.com

cleaninglanarkshire.com

ibiaozhi.net

upinfame.com

Targets

- Target
  
  7419a11c48f0ed31dc35a63d44f61392_JaffaCakes118
- Size
  
  913KB
- MD5
  
  7419a11c48f0ed31dc35a63d44f61392
- SHA1
  
  be4a8c7b4bd5232bdc4021215dab6140376ca26a
- SHA256
  
  ccad88cfcaf9a2b65b29af3fe6b85559efe3ffcf032ada3919cfa656eef60e54
- SHA512
  
  8f2e443c8846660f769d8fe5712279b4a0c5267e99df1f195cc6b87508a7dc93177f6965303a7b529068eff22711ce557e3eec62ddb0557eaeda4c5b5f490b3c
- SSDEEP
  
  12288:w3LeA2Ei6hYnM2VBnQ1QB7g5r9B0hlskjES3bBzP5mWK1VU68YYi2tHK7zjzKbo0:2Lsyz+qQhgnWTdBzPUWQBp9zKbo0
Score

10^/10

xloader w56m discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderw56mdiscoveryloaderrat

behavioral2

xloaderw56mdiscoveryloaderrat