xloader

General

Target

po.exe
Size

847KB
Sample

211020-zw6m2shfa8
MD5

5723a775452272c5b0508628a1d94364
SHA1

827e1716937a9579a71cce148e01afda49a18f7c
SHA256

efd1897cf1232815bb1f1fbe8496804186d7c48c6bfa05b2dea6bd3bb0b67ed0
SHA512

4b763ea50bb8160cc92c0b416c9bb80cf6ac6be920f9e5e49b5fde1969c010654d92834897296669d54d3650908a29ed0912e22c71ab5268af76e3c988c89064

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bsz6

C2

http://www.hosotructiep.online/bsz6/

Decoy

rn-interior.com

padimo40.com

original-photos.com

gigacode.club

sacarwrap.com

daphne1.com

studyabroadway.com

caddonline.com

medicareadvplans.net

keyuhair.com

ethenea-paris.com

hungryhollow.farm

hirdavatgezegeni.com

biotransmitter.com

vrikshamfinance.com

holzhafen-bodensee.com

houseofbegums.com

dream-mart.tech

csitexas.biz

kitchenalamode.xyz

Targets

- Target
  
  po.exe
- Size
  
  847KB
- MD5
  
  5723a775452272c5b0508628a1d94364
- SHA1
  
  827e1716937a9579a71cce148e01afda49a18f7c
- SHA256
  
  efd1897cf1232815bb1f1fbe8496804186d7c48c6bfa05b2dea6bd3bb0b67ed0
- SHA512
  
  4b763ea50bb8160cc92c0b416c9bb80cf6ac6be920f9e5e49b5fde1969c010654d92834897296669d54d3650908a29ed0912e22c71ab5268af76e3c988c89064
Score

10^/10

xloader bsz6 loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2