xloader

General

Target

payment 001.r00
Size

490KB
Sample

210927-eq62eaffh2
MD5

0821865d2b73d1f6a7b6c07522e14c63
SHA1

d2daa99c6a03d8a0b1734f4ae68ccb46b44e3223
SHA256

79be541f25bdd8abb7e7111bf0d3642b941cfa0349d2b5e7441773c81e6aa8d4
SHA512

4afdb8e7be357d1eac56134a96c519061666556298cc39108b202cfa85f41051999c4fc8211b1dc8cca492a798100beb641146ffd960fcf8c2ddb648772740a2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

jdt0

C2

http://www.jen4x.com/jdt0/

Decoy

william188.com

kmknim.com

freedomnofear.com

industrialohare.com

devopswave.com

g1fz.com

aliceguidi.info

linkared.com

crossboda.com

lpddr3.com

ktnword.xyz

productsdesign.top

dulichnhatviet.com

piazzaassociates.com

inpude.com

kmi.contractors

getkyrobak.com

sportinggoodssuperstore.com

trifoly.info

aspectjudge.com

Targets

- Target
  
  $$$.exe
- Size
  
  761KB
- MD5
  
  2d4991b52cb7c3f5e3cb8ed4d22c069a
- SHA1
  
  5f16af33b1cc461e4c6b4f5d1848547040fa1772
- SHA256
  
  984dec79b881adf59d5308f52fddeda0fbccbd917b750f6ec9a5be1a1a4dc0fa
- SHA512
  
  ee17ff87e053092385d90337cbab6719822f137dbf33408f10dc52f4c0db2579f54d56d54be7e55439945705de9005c27e361c29909d05704339c5333a8b14a2
Score

10^/10

xloader jdt0 loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2