xloader | 2cafd6a04fade27244a6ab707269e8c9d160fd63097b77d25b08fab12b8ce138 | Triage

Sharing

General

Target

2cafd6a04fade27244a6ab707269e8c9d160fd63097b77d25b08fab12b8ce138
Size

407KB
Sample

241121-y1c1vs1lgk
MD5

9d29199f092725f719339e765f91f233
SHA1

3256bd02b22e2ed8148fddee09a2b8c460fe71a8
SHA256

2cafd6a04fade27244a6ab707269e8c9d160fd63097b77d25b08fab12b8ce138
SHA512

8cb9131016e9689af5704a09b79ab010a66dbe71c83b14d5560569f35e8fdb9977647f146647d567778156bcee53424588a1166d79a5ff450b69d1042dcf615d
SSDEEP

12288:LltqXIngdXLRm0Bv2AP0kVdk1PNQMsGkxCpJ+bi:ZgXB408AtdoVd

Score

10^/10

xloader cpa3 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

cpa3

Decoy

tabbys.art

az5t2mceh9p88.net

victorloubaque.com

artesublime.life

trends.fan

connectpeople2land.com

seodrift.com

carpetcleaningtexas.com

ibimedia.net

whizkeyopc.xyz

blazedisinfecting.com

high55.com

tunemydatabase.com

adoptidmind.com

evuevobjtwwnajtk.com

sonoranrp.com

modelbyvmj.com

jpsalesouth.site

wsezs.com

sanamostodos.com

Targets

- Target
  
  29dd69cfbede950f9d60f73f37b6ef375ecafce6a76e39f4be04cb5b018b5bfc
- Size
  
  607KB
- MD5
  
  5d6ee890a6926afe19c29151a45bb616
- SHA1
  
  c9d95f0b419c5222016879c7e40cfce8c2d5a751
- SHA256
  
  29dd69cfbede950f9d60f73f37b6ef375ecafce6a76e39f4be04cb5b018b5bfc
- SHA512
  
  307dae8b0f5dc8a9f3cbcf9c0a0e0e25d7b3bc25d7c13eab29d0bc3b00db8f6370ddd25c6202673feb95c54e58702f1b7fa84749648b732913993d73f3b33a59
- SSDEEP
  
  12288:jWYxaM8KuQq/b3FhL30Z/wSt5KECWAhmEq5Em:MjQSb3rLa/9WthmEqu
Score

10^/10

xloader cpa3 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadercpa3discoveryloaderrat

behavioral2

xloadercpa3discoveryloaderrat