xloader | bffc9c0c74952c439ca980be37a1f1e21c182b13c992f1a345a541413bfea91a | Triage

Submit
Reports

Overview

overview

Static

static

3

74bd3fc078...18.exe

windows7-x64

74bd3fc078...18.exe

windows10-2004-x64

Sharing

General

Target

74bd3fc0782c84d45e5659a378f9dc01JaffaCakes118
Size

408KB
Sample

240531-dq6vzaec82
MD5

74bd3fc0782c84d45e5659a378f9dc01
SHA1

e905675d92d1ee0d278796af59827b1231cc9d34
SHA256

bffc9c0c74952c439ca980be37a1f1e21c182b13c992f1a345a541413bfea91a
SHA512

0da4491c4558970de3f13a85769d73354b2b369031fd3bfee2c8d3a393c814a005f6f2a3e32edf4d5c563dfaf0b3fdb1c49006ec51c2bd673bb814517dba7e80
SSDEEP

6144:LHAgbCa8sGQTpS1KzolRLNYXkw7W1ZA4s9m8HTVZ:LHX8kT8KznXkBskUTVZ

Score

10^/10

xloader u4xn loader persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

74bd3fc0782c84d45e5659a378f9dc01JaffaCakes118.exe

Resource

win7-20231129-en

xloader u4xn loader persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

74bd3fc0782c84d45e5659a378f9dc01JaffaCakes118.exe

Resource

win10v2004-20240426-en

xloader u4xn loader persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xloader

Version

2.1

Campaign

u4xn

Decoy

yanghl.com

decorvea.online

xn--fjq92bw28b1tloj5a39d42h.com

yumler.info

laketravisautosales.net

zjnrgx.info

harrimanpm.com

dell-yh.com

eze.fitness

pritpritzoom.com

hackgarage.com

mydomterry.net

castrotom.com

coffeecosplay.com

wsfg-hk.com

crystalbeachstudio.com

bestofreadbook.win

sutasz.info

yunfengyue.com

h11011.com

hfcwf.com

hate.ltd

ensembleharmonie.com

reikimaestro.com

ipz-127.com

totalunch.com

sn-iz.com

sanlorenzosuites.net

androidhunts.com

ci3tmsu.top

naciparaemprender.com

power-up-premium.site

news3105.pictures

netcone.net

ferimen.com

coffeeklat.com

vrtrainsimulator.com

jialingdi.net

cloudsupport-service.info

menshealthreport.net

my-agroparts.com

hitoketa-m.net

fer666.com

a36990.com

jeromesglobal.com

adimaio.com

carbapenem-resistant-option.com

samlinegroupuk.com

rokenstudio.com

koreayu61.com

qiyefanhe.com

ilovedelilah.com

yubeibaby.com

shopvoyeu.com

smilesandblossoms.com

dqicwa.info

jedichain.com

aquaterm.online

kabonyhandmade.com

agmtraders.com

musicfashionmust.com

dotrucksmax.live

getreadyherenow4.info

thequeenbeeteam.net

mage-cart.info

Targets

- Target
  
  74bd3fc0782c84d45e5659a378f9dc01JaffaCakes118
- Size
  
  408KB
- MD5
  
  74bd3fc0782c84d45e5659a378f9dc01
- SHA1
  
  e905675d92d1ee0d278796af59827b1231cc9d34
- SHA256
  
  bffc9c0c74952c439ca980be37a1f1e21c182b13c992f1a345a541413bfea91a
- SHA512
  
  0da4491c4558970de3f13a85769d73354b2b369031fd3bfee2c8d3a393c814a005f6f2a3e32edf4d5c563dfaf0b3fdb1c49006ec51c2bd673bb814517dba7e80
- SSDEEP
  
  6144:LHAgbCa8sGQTpS1KzolRLNYXkw7W1ZA4s9m8HTVZ:LHX8kT8KznXkBskUTVZ
Score

10^/10

xloader u4xn loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xloaderu4xnloaderpersistencerat

behavioral2

xloaderu4xnloaderpersistencerat

© 2018-2024

Terms | Privacy