xloader | d1f6a233ac2f32b294aab2fbab59ffea7747cbe238fc12efa7e8d4bf064ffea9 | Triage

Sharing

General

Target

8ed7a017019ddb3974773f00201ce7ff_JaffaCakes118
Size

898KB
Sample

241104-dm1vjsvlek
MD5

8ed7a017019ddb3974773f00201ce7ff
SHA1

f16859ce1b234c227839c5a281657fcac3fca32b
SHA256

d1f6a233ac2f32b294aab2fbab59ffea7747cbe238fc12efa7e8d4bf064ffea9
SHA512

7d60ca32f12d5c73772f10f7bf614547db3613fcb0626af2583dd3038b983e9a69fce6f31cd02649e3cb9f4c97d8d122868037b97240ff17af264b70e211d49c
SSDEEP

12288:hi7dSJNIHK7z56ObA/a76A0dhj5L49CZ8SO29nZeMMXV1:91T76dlU9dJYMpF1

Score

10^/10

xloader i7dg discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

i7dg

Decoy

bj-htst.com

christiandavidcreates.com

boozypints.com

climatetechventurestudios.com

kefconcierge.com

shoplasero.com

privacybydesign.digital

irenehigginson.com

derxikx.icu

connorcartledgerock.com

gtja899.com

boloblo.com

marquesdecuernavaca.com

montascaleofferteinfosit.com

blun33.com

24sc.net

equalaccesswebsites.com

bschgjs.com

wqfilter.com

o72lab.com

Targets

- Target
  
  8ed7a017019ddb3974773f00201ce7ff_JaffaCakes118
- Size
  
  898KB
- MD5
  
  8ed7a017019ddb3974773f00201ce7ff
- SHA1
  
  f16859ce1b234c227839c5a281657fcac3fca32b
- SHA256
  
  d1f6a233ac2f32b294aab2fbab59ffea7747cbe238fc12efa7e8d4bf064ffea9
- SHA512
  
  7d60ca32f12d5c73772f10f7bf614547db3613fcb0626af2583dd3038b983e9a69fce6f31cd02649e3cb9f4c97d8d122868037b97240ff17af264b70e211d49c
- SSDEEP
  
  12288:hi7dSJNIHK7z56ObA/a76A0dhj5L49CZ8SO29nZeMMXV1:91T76dlU9dJYMpF1
Score

10^/10

xloader i7dg discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderi7dgdiscoveryloaderrat

behavioral2

xloaderi7dgdiscoveryloaderrat