Overview

overview

10

Static

static

3

fefe09053c...18.exe

windows7-x64

10

fefe09053c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fefe09053c9283531d0b271d632d54ef_JaffaCakes118

  • Size

    939KB

  • Sample

    240421-lnxhhsgb55

  • MD5

    fefe09053c9283531d0b271d632d54ef

  • SHA1

    44449b8240bdd48d25417300af1ccc34db23e6b1

  • SHA256

    ed14edeb1427a2305fb5a50144e265ce4c7ca266b5187bf8549c69b926c175b5

  • SHA512

    34fd4f7b06877538caef337f4021be561ad7bbfa150a0b99aeed440d817174124da1cfe9a7e1ba576737322892210db5684f8650579352a72f5b9a03363e1b7f

  • SSDEEP

    24576:5CekWjvxf0B2ONNaWLiwwmF8U2ukfMrU:wekWjpf03awwmF/2O

Score
10/10
xloadera0celoaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

a0ce

Decoy

chennaiprintshop.com

criminallawbd.com

www140800.com

southernleaflounge.com

moderngypsydesignlabs.com

bioarmourtech.com

simplyalina.com

picnicdepot.com

peshawarsc.com

innovativecustomcabinetry.com

fzju-ovrzw.xyz

63mews.com

giovannitarga.com

modernofficeaccessories.com

a2zpetcare.net

online-nb.com

brateix.info

bosc.pro

xcarethospitality.com

sedulabs.com

Targets

    • Target

      fefe09053c9283531d0b271d632d54ef_JaffaCakes118

    • Size

      939KB

    • MD5

      fefe09053c9283531d0b271d632d54ef

    • SHA1

      44449b8240bdd48d25417300af1ccc34db23e6b1

    • SHA256

      ed14edeb1427a2305fb5a50144e265ce4c7ca266b5187bf8549c69b926c175b5

    • SHA512

      34fd4f7b06877538caef337f4021be561ad7bbfa150a0b99aeed440d817174124da1cfe9a7e1ba576737322892210db5684f8650579352a72f5b9a03363e1b7f

    • SSDEEP

      24576:5CekWjvxf0B2ONNaWLiwwmF8U2ukfMrU:wekWjpf03awwmF/2O

    Score
    10/10
    xloadera0celoaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks