xloader | 309823f6a6820db5d24443327e3b566f8d2aa16b3a9052086f521488a46e1532 | Triage

Sharing

General

Target

JaffaCakes118_f9ed39427014d807dbbbf35c45d411bd
Size

673KB
Sample

250111-hj5rjsskbm
MD5

f9ed39427014d807dbbbf35c45d411bd
SHA1

ec55a74f3cda76f09db8f409572a944c8bdaf346
SHA256

309823f6a6820db5d24443327e3b566f8d2aa16b3a9052086f521488a46e1532
SHA512

c5598c7f370c4c9c87c6a4e2782add3ef609abdec4cc5325ca0e27e7a7a75a23dcf8d1496b861449e1b3c205c3f63958795a33e8ae070894d100d34bc6d96ec7
SSDEEP

12288:jodfjOW9PQ/UaYd0uw7yk8eZ7Lz2p9g9YuzA+jJp0LdMJUl22:8Bu/kO7nP97z9

Score

10^/10

xloader pfrp discovery loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pfrp

Decoy

aodesai.store

sultrymilfs.com

gratisratio.com

syntheticloot.net

imnntomen.xyz

fantacyfreshwaterfishing.com

onesolutionasia.com

xn--laufgefhl-bocholt-82b.com

hausense.quest

broncomall.com

ioewur.xyz

wilsontennis.store

eleditorplatense.com

windowcompanynaperville.com

azuremodule.com

letziexpress.com

idtbc.com

herbalshishaflower.com

basementdwellersnft.com

28686ay.com

Targets

- Target
  
  JaffaCakes118_f9ed39427014d807dbbbf35c45d411bd
- Size
  
  673KB
- MD5
  
  f9ed39427014d807dbbbf35c45d411bd
- SHA1
  
  ec55a74f3cda76f09db8f409572a944c8bdaf346
- SHA256
  
  309823f6a6820db5d24443327e3b566f8d2aa16b3a9052086f521488a46e1532
- SHA512
  
  c5598c7f370c4c9c87c6a4e2782add3ef609abdec4cc5325ca0e27e7a7a75a23dcf8d1496b861449e1b3c205c3f63958795a33e8ae070894d100d34bc6d96ec7
- SSDEEP
  
  12288:jodfjOW9PQ/UaYd0uw7yk8eZ7Lz2p9g9YuzA+jJp0LdMJUl22:8Bu/kO7nP97z9
Score

10^/10

xloader pfrp discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderpfrpdiscoveryloaderrat

behavioral2

xloaderpfrpdiscoveryloaderrat