xloader

General

Target

9.exe
Size

1.1MB
Sample

211008-q5qhraeeb9
MD5

fa3bd9cad3793c9cf8bdfac4159cb366
SHA1

54edf2049e0e177e6be114ac567b9a7c413a3b61
SHA256

ff577215d4aaa29ae63860167282ceeb0a703daadfdaef2155102500c269caa2
SHA512

a0ef4f68ffdf7e55a003e4bdf49b450ecdf4e4d92de4555e1fa0e77e5f2d7766b109a727ffde378ef9152a4198325c13af12a9fdf73f79755cc6398eadc42cdd

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

C2

http://www.finetipster.com/pvxz/

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  9.exe
- Size
  
  1.1MB
- MD5
  
  fa3bd9cad3793c9cf8bdfac4159cb366
- SHA1
  
  54edf2049e0e177e6be114ac567b9a7c413a3b61
- SHA256
  
  ff577215d4aaa29ae63860167282ceeb0a703daadfdaef2155102500c269caa2
- SHA512
  
  a0ef4f68ffdf7e55a003e4bdf49b450ecdf4e4d92de4555e1fa0e77e5f2d7766b109a727ffde378ef9152a4198325c13af12a9fdf73f79755cc6398eadc42cdd
Score

10^/10

xloader pvxz loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2