xloader

General

Target

5817230832074752.zip
Size

501KB
Sample

211026-zzs65aacg5
MD5

1739810fab67b61a54f1c94c1ff88339
SHA1

affaf7293d47e696a270a89973fcd424effaa637
SHA256

2c6fad6a7fb8a7a34573dde4421ef3ad0dbf0b03da7d99aa34a9b398847914dc
SHA512

268439647f65b38caa005b36748f23d8ea20923847c5d3c0d979af45fb23e8c6177bb75d11904e38856a3a7fd8d05feb3c76318214602058bf8090707e157396

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bsz6

C2

http://www.hosotructiep.online/bsz6/

Decoy

rn-interior.com

padimo40.com

original-photos.com

gigacode.club

sacarwrap.com

daphne1.com

studyabroadway.com

caddonline.com

medicareadvplans.net

keyuhair.com

ethenea-paris.com

hungryhollow.farm

hirdavatgezegeni.com

biotransmitter.com

vrikshamfinance.com

holzhafen-bodensee.com

houseofbegums.com

dream-mart.tech

csitexas.biz

kitchenalamode.xyz

Targets

- Target
  
  c3c712f6cafb2e2768423e6e5dd623177962b820e140d1942099090ba67b8100
- Size
  
  1017KB
- MD5
  
  72a251065b2ede0e5f7cd372e04a815c
- SHA1
  
  df56b66ab765c9418658b6e4ccfab96a89bb357b
- SHA256
  
  c3c712f6cafb2e2768423e6e5dd623177962b820e140d1942099090ba67b8100
- SHA512
  
  5c7bb1fa8184fb0bbf3407abb85c20383ea24c9244801c0f57063985bf5a5f13cc4c3f2aeb33a63478895844315e0dcafba830cc3bc6e2286b12e187e0c1729a
Score

10^/10

xloader bsz6 loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2