xloader | 068acc71b449db8c8b13a3b4ae214425b5b37919d465102d53f74b4fed65a027 | Triage

Sharing

General

Target

d68fcd5576cca039034fc707cb289e89_JaffaCakes118
Size

887KB
Sample

241208-mfh6la1jfs
MD5

d68fcd5576cca039034fc707cb289e89
SHA1

153d82297b26fbcf026f4cc456d59233e6827bb7
SHA256

068acc71b449db8c8b13a3b4ae214425b5b37919d465102d53f74b4fed65a027
SHA512

61df5d7ab9c8ddbc54d14da25fc3e098dbc910d46d5b5c46bb6960754dd1554493ab4c8ad8e2b13ef46aff986461f5c8b1ac9ae636ff2414e40be41e925641b7
SSDEEP

12288:ScNjbrdVTjp8yOZsZodjlcRRjpwa4tVjco2vqKEmpt9M3HK7z4zKboASLF:3N3d8PeZkoNuTVj6CApYKSKboF

Score

10^/10

xloader nvq4 discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nvq4

Decoy

emorytxinsurance.com

bastansonatarih.com

ysainasen.com

hillbilliesunite.net

lshuinai.com

consultpapers.com

digontorekha.com

diaobi.net

moonlightclayco.com

sh-junshen.com

maksavit.site

ushasoftbd.com

vienesacarnicos.com

milkonphone.com

lifeinthelineofduty.com

blackamericanoutlaw.com

wonkrushop.com

elearnium.com

scottbruce.info

anantaonline.com

Targets

- Target
  
  d68fcd5576cca039034fc707cb289e89_JaffaCakes118
- Size
  
  887KB
- MD5
  
  d68fcd5576cca039034fc707cb289e89
- SHA1
  
  153d82297b26fbcf026f4cc456d59233e6827bb7
- SHA256
  
  068acc71b449db8c8b13a3b4ae214425b5b37919d465102d53f74b4fed65a027
- SHA512
  
  61df5d7ab9c8ddbc54d14da25fc3e098dbc910d46d5b5c46bb6960754dd1554493ab4c8ad8e2b13ef46aff986461f5c8b1ac9ae636ff2414e40be41e925641b7
- SSDEEP
  
  12288:ScNjbrdVTjp8yOZsZodjlcRRjpwa4tVjco2vqKEmpt9M3HK7z4zKboASLF:3N3d8PeZkoNuTVj6CApYKSKboF
Score

10^/10

xloader nvq4 discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadernvq4discoveryloaderrat

behavioral2

xloadernvq4discoveryloaderrat